Posts posted by Jimcat
-
I found the DDS instructions. Will have to re-download but I will post the results soon.
-
I am pleasantly astounded. MBAM completed its scan and found no infections.
Caveat: the installation program said that the database is 56 days out of date, and I can't update it due to the Internet connection still not working.
Here is the log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7622
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
10/28/2011 8:42:09 AM
mbam-log-2011-10-28 (08-42-09).txt
Scan type: Quick scan
Objects scanned: 233222
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Running MBAM now - at least it's not bombing after a few seconds. We will see if it successfully completes.
Can you please re-post the instructions for DDS scan?
-
Here are the results:
SystemLook 30.07.11 by jpshortstuff
Log created at 07:42 on 28/10/2011 by Jim Kasprzak 4
Administrator - Elevation successful
========== filefind ==========
Searching for "Npfs.sys"
C:\Windows\System32\drivers\npfs.sys --a---- 35328 bytes [10:59 11/09/2009] [09:23 28/10/2011] D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\winsxs\x86_microsoft-windows-npfs_31bf3856ad364e35_6.0.6001.18000_none_a67184dd1ceb330f\npfs.sys --a---- 34816 bytes [02:23 21/01/2008] [02:23 21/01/2008] ECB5003F484F9ED6C608D6D6C7886CBB
C:\Windows\winsxs\x86_microsoft-windows-npfs_31bf3856ad364e35_6.0.6002.18005_none_a85cfde91a0cfe5b\npfs.sys --a---- 35328 bytes [10:59 11/09/2009] [09:23 28/10/2011] D36F239D7CCE1931598E8FB90A0DBC26
-= EOF =-
-
No change in the behavior of the machine that I can see. Still unable to connect to the Internet.
-
And here is the Combofix log:
ComboFix 11-10-20.08 - Jim Kasprzak 4 10/28/2011 5:32.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1248 [GMT -4:00]
Running from: c:\users\Jim Kasprzak 4\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\Jim\AppData\Local\temp
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\Jim Kasprzak\AppData\Local\temp
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Local\temp
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\Jim Kasprzak 2\AppData\Local\temp
2011-10-28 09:34 . 2011-10-28 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 09:24 . 2011-10-28 09:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\offreg.dll
2011-10-27 02:32 . 2011-10-27 02:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-22 21:59 . 2011-10-22 21:59 48016 --sha-w- c:\windows\system32\c_15244.nl_
2011-10-21 14:44 . 2011-10-21 14:44 -------- d-----w- c:\windows\system32\vmm32
2011-10-20 01:20 . 2007-12-05 11:17 77824 ----a-w- c:\windows\system32\AERTSrv.exe
2011-10-19 01:42 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BA0802C-633C-40DC-B3AA-103B3FE4444C}\mpengine.dll
2011-10-15 11:08 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 10:28 . 2011-10-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-14 10:24 . 2011-10-14 10:24 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 23:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 23:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 23:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 23:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 23:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 23:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 23:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 23:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 23:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 23:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 09:59 . 2011-10-24 09:34 -------- d-----w- c:\users\Jim Kasprzak 4
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\Tracing
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Unity
2011-10-11 09:34 . 2010-10-20 23:36 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Windows Live Writer
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\TaxCut
2011-10-11 09:34 . 2011-10-11 09:34 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\Oberon Media
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PCDr
2011-10-11 09:34 . 2011-10-11 09:34 -------- d-----r- c:\users\Jim Kasprzak 3\AppData\Roaming\SecuROM
2011-10-11 09:31 . 2011-10-11 09:31 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Merscom
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\IGN_DLM
2011-10-11 09:30 . 2011-10-11 09:30 -------- d--h--w- c:\users\Jim Kasprzak 3\AppData\Roaming\funkitron
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Facebook
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\eMusic
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\CyberLink
2011-10-11 09:30 . 2011-10-11 09:30 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Amazon
2011-10-11 09:30 . 2009-12-01 02:33 8653312 ----a-w- c:\users\Jim Kasprzak 3\AppData\Roaming\DataSafeDotNet.exe
2011-10-09 17:52 . 2011-10-09 17:52 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\Malwarebytes
2011-10-09 09:35 . 2011-10-09 09:35 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\McAfee
2011-10-08 19:29 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-05 00:06 . 2011-10-05 00:06 -------- d-----w- c:\users\Jim Kasprzak 3\AppData\Roaming\PlayFirst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 09:23 . 2009-09-11 10:59 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-10-19 02:35 . 2009-09-11 10:59 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-19 01:34 . 2011-06-15 19:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-28 01:59 . 2011-05-14 09:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 11:08 . 2011-09-23 11:08 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-23 11:07 . 2011-09-23 11:07 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-23 11:07 . 2011-09-23 11:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-23 11:07 . 2011-09-23 11:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-23 11:07 . 2011-09-23 11:07 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-23 11:07 . 2011-09-23 11:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-23 11:07 . 2011-09-23 11:07 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-23 11:07 . 2011-09-23 11:07 367104 ----a-w- c:\windows\system32\html.iec
2011-09-23 11:07 . 2011-09-23 11:07 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-23 11:07 . 2011-09-23 11:07 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-23 11:07 . 2011-09-23 11:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-23 11:07 . 2011-09-23 11:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-23 11:07 . 2011-09-23 11:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-23 11:07 . 2011-09-23 11:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-23 11:07 . 2011-09-23 11:07 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-23 11:07 . 2011-09-23 11:07 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-23 11:07 . 2011-09-23 11:07 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-23 11:07 . 2011-09-23 11:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 10:40 . 2011-08-22 10:40 0 ---ha-w- c:\users\Jim Kasprzak 2\AppData\Local\Spituj.bin
2011-08-15 14:00 . 2010-08-25 07:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00 . 2010-08-25 07:50 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00 . 2010-08-25 07:50 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00 . 2010-08-25 07:50 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00 . 2010-08-25 07:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00 . 2010-08-25 07:50 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00 . 2010-08-25 07:50 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00 . 2010-08-25 07:50 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00 . 2010-08-25 07:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-08 07:16 . 2011-08-14 18:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-08-14 19:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-09-28 243360]
.
c:\users\Jim Kasprzak 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-13 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-13 07:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-03-30 66368]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [x]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-15 57432]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-15 87808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-08-15 64712]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-08-15 164776]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 148520]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-15 338040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25213173
*Deregistered* - 25213173
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\Norton Security Scan for Jim Kasprzak.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-03-13 07:25]
.
2011-10-28 c:\windows\Tasks\User_Feed_Synchronization-{E31C1D6B-950E-489A-A927-F01A5C3A2B23}.job
- c:\windows\system32\msfeedssync.exe [2011-09-23 11:07]
.
2011-10-24 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-10-09 18:25]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25213173.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 05:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB36618$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,91,65,95,bf,8c,cc,01
.
Completion time: 2011-10-28 05:40:15
ComboFix-quarantined-files.txt 2011-10-28 09:40
ComboFix2.txt 2011-10-21 22:05
ComboFix3.txt 2011-10-21 01:48
ComboFix4.txt 2011-10-20 09:34
.
Pre-Run: 57,725,452,288 bytes free
Post-Run: 57,703,563,264 bytes free
.
- - End Of File - - 77E8E2AAE6F36F2EFDB7495FF071F915
-
Here is the TDSSKiller log:
20:04:03.0181 4600 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
20:04:03.0204 4600 ============================================================
20:04:03.0204 4600 Current date / time: 2011/10/27 20:04:03.0204
20:04:03.0204 4600 SystemInfo:
20:04:03.0204 4600
20:04:03.0204 4600 OS Version: 6.0.6002 ServicePack: 2.0
20:04:03.0204 4600 Product type: Workstation
20:04:03.0204 4600 ComputerName: JIMKASPRZAK-PC
20:04:03.0204 4600 UserName: Jim Kasprzak 4
20:04:03.0204 4600 Windows directory: C:\Windows
20:04:03.0204 4600 System windows directory: C:\Windows
20:04:03.0204 4600 Processor architecture: Intel x86
20:04:03.0204 4600 Number of processors: 2
20:04:03.0204 4600 Page size: 0x1000
20:04:03.0204 4600 Boot type: Normal boot
20:04:03.0204 4600 ============================================================
20:04:04.0034 4600 Initialize success
20:04:07.0747 4912 ============================================================
20:04:07.0747 4912 Scan started
20:04:07.0747 4912 Mode: Manual;
20:04:07.0747 4912 ============================================================
20:04:08.0904 4912 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:04:08.0908 4912 ACPI - ok
20:04:08.0967 4912 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:04:08.0973 4912 adp94xx - ok
20:04:08.0999 4912 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:04:09.0003 4912 adpahci - ok
20:04:09.0017 4912 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:04:09.0019 4912 adpu160m - ok
20:04:09.0043 4912 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:04:09.0046 4912 adpu320 - ok
20:04:09.0106 4912 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:04:09.0127 4912 AFD - ok
20:04:09.0179 4912 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:04:09.0180 4912 agp440 - ok
20:04:09.0229 4912 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:04:09.0230 4912 aic78xx - ok
20:04:09.0252 4912 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:04:09.0253 4912 aliide - ok
20:04:09.0292 4912 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:04:09.0294 4912 amdagp - ok
20:04:09.0314 4912 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:04:09.0315 4912 amdide - ok
20:04:09.0333 4912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:04:09.0334 4912 AmdK7 - ok
20:04:09.0358 4912 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:04:09.0359 4912 AmdK8 - ok
20:04:09.0437 4912 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:04:09.0439 4912 arc - ok
20:04:09.0489 4912 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:04:09.0491 4912 arcsas - ok
20:04:09.0523 4912 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:09.0524 4912 AsyncMac - ok
20:04:09.0566 4912 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:04:09.0567 4912 atapi - ok
20:04:09.0590 4912 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:04:09.0591 4912 Beep - ok
20:04:09.0660 4912 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:04:09.0661 4912 blbdrive - ok
20:04:09.0723 4912 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:04:09.0729 4912 bowser - ok
20:04:09.0808 4912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:04:09.0809 4912 BrFiltLo - ok
20:04:09.0826 4912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:04:09.0827 4912 BrFiltUp - ok
20:04:09.0867 4912 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:04:09.0868 4912 Brserid - ok
20:04:09.0881 4912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:04:09.0883 4912 BrSerWdm - ok
20:04:09.0899 4912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:04:09.0900 4912 BrUsbMdm - ok
20:04:09.0913 4912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:04:09.0914 4912 BrUsbSer - ok
20:04:09.0935 4912 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:04:09.0936 4912 BTHMODEM - ok
20:04:10.0104 4912 catchme - ok
20:04:10.0140 4912 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:04:10.0141 4912 cdfs - ok
20:04:10.0225 4912 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:04:10.0226 4912 cdrom - ok
20:04:10.0289 4912 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\Windows\system32\drivers\cfwids.sys
20:04:10.0290 4912 cfwids - ok
20:04:10.0308 4912 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:04:10.0309 4912 circlass - ok
20:04:10.0367 4912 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:04:10.0371 4912 CLFS - ok
20:04:10.0403 4912 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:04:10.0404 4912 cmdide - ok
20:04:10.0424 4912 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
20:04:10.0425 4912 Compbatt - ok
20:04:10.0440 4912 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:04:10.0440 4912 crcdisk - ok
20:04:10.0457 4912 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:04:10.0459 4912 Crusoe - ok
20:04:10.0494 4912 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:04:10.0502 4912 DfsC - ok
20:04:10.0539 4912 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:04:10.0540 4912 disk - ok
20:04:10.0590 4912 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:04:10.0591 4912 drmkaud - ok
20:04:10.0639 4912 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:04:10.0656 4912 DXGKrnl - ok
20:04:10.0688 4912 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:04:10.0691 4912 e1express - ok
20:04:10.0732 4912 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:04:10.0750 4912 E1G60 - ok
20:04:10.0795 4912 eb289bdd (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3717933291:349660194.exe
20:04:10.0795 4912 Suspicious file (Hidden): C:\Windows\3717933291:349660194.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
20:04:10.0796 4912 eb289bdd ( HiddenFile.Multi.Generic ) - warning
20:04:10.0796 4912 eb289bdd - detected HiddenFile.Multi.Generic (1)
20:04:10.0871 4912 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:04:10.0873 4912 Ecache - ok
20:04:10.0929 4912 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:04:10.0933 4912 elxstor - ok
20:04:10.0966 4912 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
20:04:10.0967 4912 ErrDev - ok
20:04:11.0045 4912 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:04:11.0050 4912 exfat - ok
20:04:11.0093 4912 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:04:11.0095 4912 fastfat - ok
20:04:11.0139 4912 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:04:11.0140 4912 fdc - ok
20:04:11.0159 4912 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:04:11.0160 4912 FileInfo - ok
20:04:11.0185 4912 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:04:11.0186 4912 Filetrace - ok
20:04:11.0198 4912 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:04:11.0200 4912 flpydisk - ok
20:04:11.0210 4912 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:04:11.0213 4912 FltMgr - ok
20:04:11.0249 4912 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:04:11.0250 4912 Fs_Rec - ok
20:04:11.0275 4912 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:04:11.0276 4912 gagp30kx - ok
20:04:11.0303 4912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:04:11.0304 4912 GEARAspiWDM - ok
20:04:11.0392 4912 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:04:11.0400 4912 HDAudBus - ok
20:04:11.0418 4912 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:04:11.0419 4912 HidBth - ok
20:04:11.0431 4912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:04:11.0432 4912 HidIr - ok
20:04:11.0465 4912 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:04:11.0466 4912 HidUsb - ok
20:04:11.0507 4912 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:04:11.0508 4912 HpCISSs - ok
20:04:11.0572 4912 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:04:11.0577 4912 HTTP - ok
20:04:11.0594 4912 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:04:11.0595 4912 i2omp - ok
20:04:11.0623 4912 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:04:11.0624 4912 i8042prt - ok
20:04:11.0667 4912 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
20:04:11.0672 4912 iaStor - ok
20:04:11.0699 4912 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:04:11.0703 4912 iaStorV - ok
20:04:11.0796 4912 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:04:11.0905 4912 igfx - ok
20:04:11.0927 4912 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:04:11.0928 4912 iirsp - ok
20:04:12.0022 4912 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
20:04:12.0064 4912 IntcAzAudAddService - ok
20:04:12.0095 4912 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
20:04:12.0095 4912 intelide - ok
20:04:12.0132 4912 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:04:12.0133 4912 intelppm - ok
20:04:12.0163 4912 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:12.0165 4912 IpFilterDriver - ok
20:04:12.0177 4912 IpInIp - ok
20:04:12.0200 4912 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:04:12.0220 4912 IPMIDRV - ok
20:04:12.0270 4912 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:04:12.0292 4912 IPNAT - ok
20:04:12.0324 4912 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:04:12.0325 4912 IRENUM - ok
20:04:12.0353 4912 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:04:12.0355 4912 isapnp - ok
20:04:12.0395 4912 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:04:12.0398 4912 iScsiPrt - ok
20:04:12.0423 4912 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:04:14.0543 4912 Npfs (a6b4c8894619b4bf735db45108fb0322) C:\Windows\system32\drivers\Npfs.sys
20:04:14.0543 4912 Suspicious file (Forged): C:\Windows\system32\drivers\Npfs.sys. Real md5: a6b4c8894619b4bf735db45108fb0322, Fake md5: d36f239d7cce1931598e8fb90a0dbc26
20:04:14.0544 4912 Npfs ( Rootkit.Win32.ZAccess.e ) - infected
20:04:14.0544 4912 Npfs - detected Rootkit.Win32.ZAccess.e (0)
20:04:19.0669 4912 ============================================================
20:04:19.0670 4912 Scan finished
20:04:19.0670 4912 ============================================================
20:04:19.0680 4880 Detected object count: 2
20:04:19.0680 4880 Actual detected object count: 2
20:04:40.0599 4880 HKLM\SYSTEM\ControlSet001\services\eb289bdd - will be deleted on reboot
20:04:40.0632 4880 HKLM\SYSTEM\ControlSet003\services\eb289bdd - will be deleted on reboot
20:04:40.0642 4880 C:\Windows\3717933291:349660194.exe - will be deleted on reboot
20:04:40.0643 4880 eb289bdd ( HiddenFile.Multi.Generic ) - User select action: Delete
20:04:40.0892 4880 Backup copy found, using it..
20:04:40.0898 4880 C:\Windows\system32\drivers\Npfs.sys - will be cured on reboot
20:04:40.0898 4880 Npfs ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
20:04:47.0383 4444 Deinitialize success
-
First thing I got was a message saying, "Current date is 2011-10-28. Combofix has expired. Click "Yes" to run in REDUCED FUNCTIONALITY mode."
Will I have to download again and re-install?
-
Left it overnight and still had the blinking cursor. Power cycled manually; now running Combofix.
-
I ran TDSSKiller and it had to reboot - now I'm just seeing a black screen with a blinking cursor. Is this normal? How long does it usually take the machine to reboot after TDSSKiller runs? I've been seeing the blinking cursor for about 5 minutes so far.
-
Will try that tonight - the good news is, I now have a handy thumb drive stuffed with anti-malware goodness...
-
Another data point: I saw an error this morning that I'd never seen before. An error window popped up saying "Login process failed to create the security options dialogue. Failure - security options."
-
To add insult to injury, if I go into the programs menu and select the MBAM folder and click on the MBAM icon, I get the error message: "Windows cannot access the specified drive, path, or file. You may not have the appropriate permissions to access the item."
-
Since my infected computer still doesn't connect to the Internet, I'm having to do the thumb drive shuffle. This is causing problems when trying to install and run MBAM.
Here is what I do:
- Download mbam-setup to my thumb drive from a good computer.
- Plug the drive into my infected computer.
- Double-click on mbam-setup from the thumb drive directory.
- Choose C:\Program Files\Malwarebytes' Anti-Malware as the destination directory.
- Choose the start menu folder and start installing.
- Click on "Finish" when it finishes installing, and check the update option.
- At this point it gives the following error: PROGRAM_ERROR_UPDATING (11004, 0, No address found) The requested name is valid, but no data of the requested type was found.
- Click "OK" to proceed - it tells me that the database is outdated by 56 days. I click "no" to the update option (no connection with which to update).
- MBAM main window comes up and gives me the option to scan. I choose "Perform quick scan".
- It stops running after only about 2 seconds.
-
I will re-install it and report the results.
FYI, I'll be away from my home office during the work day for the next few days, so I'll be replying early in the morning or late in the evening, but I am still sticking with this.
-
After those results, I'm going to hold off on trying MBAM - but if you still want me to run it after seeing that, I will do so.
-
Below are the results of perms.txt. It doesn't look good.
GrantPerms by Farbar
Ran by Jim Kasprzak 4 at 2011-10-24 20:49:32
===============================================
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\Jim Kasprzak 2 > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\Jim Kasprzak 3 > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\RA Media Server > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Windows Defender > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Network\Downloader > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Network\Downloader: Access is denied. > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search\Data\Temp\usgthrsvc > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search Enhancement Pack\SeaPort\SeaNote.cab > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search Enhancement Pack\SeaPort\SearchBoxExt.cab > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\Search Enhancement Pack\SeaPort\SHelper.cab > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\User Account Pictures\Jim Kasprzak 2.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\User Account Pictures\Jim Kasprzak 3.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\User Account Pictures\Jim Kasprzak.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Documents and Settings\All Users\Microsoft\User Account Pictures\RA Media Server.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\McAfee\Supportability\MVT\Res\Common\MvtCommon.dll > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\McAfee\Supportability\MVT\Res\en-us\MvtOffResource.dll > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\McAfee\VirusScan\DAT\6492.0\bootclean.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\McAfee\VirusScan\DAT\6492.0\bootnames.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Program Files\McAfee\VirusScan\DAT\6492.0\bootscan.dat > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\ProgramData\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\ProgramData\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\ProgramData\Application Data\ > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Users\Jim Kasprzak\AppData > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Users\Jim Kasprzak 4\Downloads > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\$NtUninstallKB36618$ > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\Prefetch > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\ServiceProfiles > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\ServiceProfiles\NetworkService > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\configc:\Windows\System32\ias > failed with: The filename, directory name, or volume label syntax is incorrect.
Operating system error message: The filename, directory name, or volume label syntax is incorrect.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\Msdtc > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\networklist > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\WDI > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\wfp > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\Windows\System32\wbem > failed with: The system cannot find the file specified.
Operating system error message: The system cannot find the file specified.
\\?\c:\Windows\System32\winevt
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
-
If it helps to understand how/why this happened: I had malware infections in the past that McAfee or MBAM could cure, but my profiles got corrupted on a few occasions and I had to create new ones. Not sure why that led to the massively nested Application Data files, though.
-
Not what anyone wants to hear from a virus analysis... but at least it's not as bad as hearing the same thing from your doctor. I hope someone can help root out this problem.
-
Zipping got it down to 343 KB. Let's see if this attachment works.
-
This is going to take all night; there is 15 MB or more of this.
-
Part 2:
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
.\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\McAfee\MCLOGS: Access is denied.
...
...
...
...
...
...
...
...
...
...
...
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\32d7c9d75b21a749ffe34489463e4ed6_b0183c16-fae3-4c2e-b2a5-81fe54763761: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_b0183c16-fae3-4c2e-b2a5-81fe54763761: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\logs\eHomeLog00.sqm: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\logs\eHomeLog01.sqm: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\usgthrsvc: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search Enhancement Pack\SeaPort\SeaNote.cab: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search Enhancement Pack\SeaPort\SearchBoxExt.cab: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search Enhancement Pack\SeaPort\SHelper.cab: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Jim Kasprzak 2.dat: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Jim Kasprzak 3.dat: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Jim Kasprzak.dat: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RA Media Server.dat: Access is denied.
.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report009f9d09: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0191d873: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report04046392: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report040be8a9: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report041c3b2b: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report042d4b80: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report044107ad: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0444d336: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report044c6fe2: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454af51: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454b1c1: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454b77b: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454ba87: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454bc6b: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454bdf1: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0454bf58: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0460afde: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0460b089: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0460b2f9: Access is denied.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\Report0460b366: Access is denied.
-
Part 1:
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\MSOCache: Access is denied.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\PerfLogs: Access is denied.
Failed to open \\?\c:\\System Recovery: Access is denied.
Failed to open \\?\c:\\System Volume Information: Access is denied.
\\?\c:\\Documents and Settings\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData
\\?\c:\\Documents and Settings\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default
Failed to open \\?\c:\\Documents and Settings\Jim Kasprzak 2: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Jim Kasprzak 3: Access is denied.
Failed to open \\?\c:\\Documents and Settings\RA Media Server: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\ProgramData
-
This worked and got us results, but the log is enormous (16,357 KB). If I try to paste it into the forum, my browser crashes. What's the best way to get the information to you? Attachment? Zip file? Break it into pieces? Email?
Malwarebytes stops running, even in safe mode
in Resolved Malware Removal Logs
Posted
Attached is the DDS report.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jim Kasprzak 4 at 10:44:44 on 2011-10-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.893 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Tropico\Tropico.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111008063140.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
StartupFolder: c:\users\jimkas~4\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 461864]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-25 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-25 164776]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2011-10-19 77824]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 148520]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-5-13 632048]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 180072]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 338040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 66368]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\docklogin.exe --> c:\program files\dell\delldock\DockLogin.exe [?]
S2 dsl-db;Remote Access DB;"c:\program files\common files\dell\mysql\bin\mysqld.exe" "--defaults-file=c:\program files\common files\dell\mysql\my.ini" dsl-db --> c:\program files\common files\dell\mysql\bin\mysqld.exe [?]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 166024]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 57432]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2011-10-19 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 87808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-28 09:47:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ba0802c-633c-40dc-b3aa-103b3fe4444c}\offreg.dll
2011-10-28 09:40:17 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\temp
2011-10-28 09:39:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-28 09:28:39 -------- d-----w- C:\ComboFix
2011-10-23 15:37:00 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\Apple
2011-10-22 23:10:19 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\2DBoy
2011-10-22 21:59:55 48016 --sha-w- c:\windows\system32\c_15244.nl_
2011-10-21 14:44:28 45056 ----a-r- c:\users\jim kasprzak 4\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-10-21 14:44:23 -------- d-----w- c:\windows\system32\vmm32
2011-10-20 01:20:14 77824 ----a-w- c:\windows\system32\AERTSrv.exe
2011-10-20 00:16:39 98816 ----a-w- c:\windows\sed.exe
2011-10-20 00:16:39 518144 ----a-w- c:\windows\SWREG.exe
2011-10-20 00:16:39 256000 ----a-w- c:\windows\PEV.exe
2011-10-20 00:16:39 208896 ----a-w- c:\windows\MBR.exe
2011-10-19 01:42:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8ba0802c-633c-40dc-b3aa-103b3fe4444c}\mpengine.dll
2011-10-15 11:39:57 -------- d-----w- c:\windows\pss
2011-10-15 11:08:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 10:28:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-14 10:24:53 -------- d-----w- c:\users\jim kasprzak 4\appdata\roaming\Malwarebytes
2011-10-14 10:24:40 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 10:03:20 0 ---ha-w- c:\users\jim kasprzak 4\appdata\local\BIT5705.tmp
2011-10-12 23:08:44 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 23:08:43 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 23:08:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 23:08:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 23:08:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 23:08:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-12 23:08:23 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 23:08:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 23:08:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 23:08:23 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 15:42:18 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\DataSafeOnline
2011-10-11 11:33:27 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\Google
2011-10-11 10:04:43 -------- d-----w- c:\users\jim kasprzak 4\appdata\local\My Games
2011-10-08 19:29:10 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-08 19:29:01 222080 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-10-28 09:23:50 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-10-19 02:35:23 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-19 01:34:56 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-28 01:59:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 11:08:01 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 10:45:37.19 ===============