PLS Help: Braviax/Monopod Infection- Nothing removing it! Help


Hi everyone. I am new. Please help me if you can.

I am running Vista. I have HJT on it but it will not even open. Internet Explorer will redirect to random spam sites.

When I tried running HJT, I received an error saying access is denied because I don't have permission, and I am the admin. So I went ahead and changed permissions by stating owner and admin in properties - then security tab. This worked for about 5 seconds.

I took a print screen before it disappeared 2 seconds later and it said:

04-hklm\ Run: (braviax) C:\windows\system32\braviax.exe

04-hkcu\ Run: (monopod) C:\users\Yvette\appdata\local\temp\b.exe

04-hkcu\ Run: (braviax) C:\windows\system32\braviax.exe

Then the window disappeared. I have tried renaming HJT - doesn't work. I have changed permissions - works for 2 seconds until you start the exe and then won't work again.

Then I saw this:

http://www.myantispyware.com/2008/03/15/ho...cru629-malware/

So I disconnected my pc from the net and I am using my laptop to find help.

I downloaded SDFIX and MBAM, and put it on CD and transferred it to the PC in Normal mode. Should I have done this in safe mode?

I then rebooted, went into safe mode and started SDFix by running runthis. The window popped open and closed.

I then tried MBAM. I started to load it and got error 732, then the window closed and the application started. I started to do a scan and it closed and disappeared.

So what do I do? I am at a loss.

Please help me.

Godivafilm


I tried running Rootrepeal - downloaded to my laptop and burned to cd and put on the vista pc.

I double clicked it and it said:

X

FOPS- DeviceIoControl Error!! Error code= 0000024 Extended Info (0x00000110)

Can someone pls help me? I have a 500gb full of important things and I do not want to reformat.


  • Staff

Hi godivafilm and welcome to Malwarebytes.

Please be patient as you wait for help. There are hundreds of others who have posted before you.

Please post in a normal font size and color so it's easier on our eyes...

Please delete your copy of Win32kDiag.

Please save this file to your Desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Try to run MBAM now.

-screen317


OK, I repeated the process and I have the diag log, but I cannot run MBAM still. Here is the log:

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-08-21 18:04:48 158096 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-08-21 18:07:50 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-08-21 18:07:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-08-21 18:07:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\bad\bad

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\good\good

Cannot access: C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{1aba14c4-d830-4d37-864b-a8b67de4e1f9}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{1aba14c4-d830-4d37-864b-a8b67de4e1f9}\snapshot.etl

[1] 2009-08-21 11:44:46 196608 C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{1aba14c4-d830-4d37-864b-a8b67de4e1f9}\snapshot.etl ()

[1] 2009-08-20 18:41:00 196608 C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{c3ee06aa-07c9-4798-a48c-9ae5e03c11b9}\snapshot.etl ()

[1] 2009-08-21 01:21:06 180224 C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{fec175aa-8a18-4729-a9c0-5d058992b5a3}\snapshot.etl ()

[1] 2009-08-21 11:44:46 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{07abb119-f39f-44a8-8ad2-052bc4b155e6}\snapshot.etl ()

[1] 2009-08-21 01:21:06 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0917f8e1-997a-4896-8e03-97caed54067a}\snapshot.etl ()

[1] 2009-08-10 10:50:30 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{16f55632-23c1-42c2-a76a-b980c42ac877}\snapshot.etl ()

[1] 2009-08-21 02:53:48 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{205b55c6-b970-4495-87ef-f1f2e36e7656}\snapshot.etl ()

[1] 2009-08-20 22:26:22 212992 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a4d56a9-b51a-47e4-b5ad-192d3c8064e9}\snapshot.etl ()

[1] 2009-08-21 12:25:45 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4ed6c641-8e0a-40ec-869d-caa2f62ce349}\snapshot.etl ()

[1] 2009-08-20 15:42:20 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5ac3b609-bdfa-4d3f-9d9a-a3a9b04348c0}\snapshot.etl ()

[1] 2009-08-09 14:19:25 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5cd230d9-ee2c-4718-9c09-710eceacbbfc}\snapshot.etl ()

[1] 2009-08-19 18:56:01 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{638bb7be-28e0-4dd3-8983-8c74a58535a1}\snapshot.etl ()

[1] 2009-08-21 02:09:51 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7451b8ae-fe7c-4338-89ff-29a7b3ea975c}\snapshot.etl ()

[1] 2009-08-12 17:35:50 278528 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{87267bf8-67b6-4e71-97a7-5089b000000a}\snapshot.etl ()

[1] 2009-08-04 16:22:45 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{8eccf360-7f13-44b5-93dc-125ba8010f42}\snapshot.etl ()

[1] 2009-08-05 17:40:19 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{97e0faf8-b375-453e-872c-e570bac5552b}\snapshot.etl ()

[1] 2009-08-07 11:59:58 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{99e5c888-d35f-4912-9a29-618eee4e394a}\snapshot.etl ()

[1] 2009-08-14 07:31:20 262144 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b0cfb4b3-34d9-461e-89e2-17bef6048166}\snapshot.etl ()

[1] 2009-08-03 12:15:13 278528 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{bc2a5164-5507-42ed-8290-d06729654ea3}\snapshot.etl ()

[1] 2009-08-20 19:09:18 245760 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3e781c2-8b6a-4a84-a81e-5115a4c49604}\snapshot.etl ()

Cannot access: C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{c3ee06aa-07c9-4798-a48c-9ae5e03c11b9}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{c3ee06aa-07c9-4798-a48c-9ae5e03c11b9}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{fec175aa-8a18-4729-a9c0-5d058992b5a3}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{fec175aa-8a18-4729-a9c0-5d058992b5a3}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{07abb119-f39f-44a8-8ad2-052bc4b155e6}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{07abb119-f39f-44a8-8ad2-052bc4b155e6}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0917f8e1-997a-4896-8e03-97caed54067a}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{0917f8e1-997a-4896-8e03-97caed54067a}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{205b55c6-b970-4495-87ef-f1f2e36e7656}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{205b55c6-b970-4495-87ef-f1f2e36e7656}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a4d56a9-b51a-47e4-b5ad-192d3c8064e9}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3a4d56a9-b51a-47e4-b5ad-192d3c8064e9}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4ed6c641-8e0a-40ec-869d-caa2f62ce349}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4ed6c641-8e0a-40ec-869d-caa2f62ce349}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5ac3b609-bdfa-4d3f-9d9a-a3a9b04348c0}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{5ac3b609-bdfa-4d3f-9d9a-a3a9b04348c0}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7451b8ae-fe7c-4338-89ff-29a7b3ea975c}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7451b8ae-fe7c-4338-89ff-29a7b3ea975c}\snapshot.etl

Cannot access: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3e781c2-8b6a-4a84-a81e-5115a4c49604}\snapshot.etl

Attempting to restore permissions of : C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{e3e781c2-8b6a-4a84-a81e-5115a4c49604}\snapshot.etl

Found mount point : C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}

Found mount point : C:\Windows\System32\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}

Cannot access: C:\Windows\System32\WerFault.exe

Attempting to restore permissions of : C:\Windows\System32\WerFault.exe

[1] 2006-11-02 05:45:54 216064 C:\Windows\System32\WerFault.exe (Microsoft Corporation)

[1] 2006-11-02 05:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Finished!


I had to reformat last night. Nothing would run- device manager and even some other apps were saying it was marked for deletion. So I reformatted.

BUT now I can't find windows.old so I can delete that so it won't get on the clean version of vista home. I went to disk cleanup and it wasn't there.

Also I just ran HJT on the clean version after installing most of my programs back and it seems clean BUT it has a search assistant on it that will NOT delete. What can I do? I will post new log.

Screenie pls help. It's been a long two days lol.


Here is the new log of the clean version I just installed.

Simply fixing this following two will not work- pls help if u can:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:53:21 PM, on 8/22/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 2323 bytes


  • Staff

godivafilm,

> BUT now I can't find windows.old so I can delete that so it won't get on the clean version of vista home. I went to disk cleanup and it wasn't there.

If you actually formatted and didn't just do an over-the-top installation, Windows.old won't exist.

> Simply fixing this following two will not work- pls help if u can:
>
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Those are default Vista values. Don't touch them.

1) It is imperative that you have an antivirus. You are basically asking for infection without one. :lol:

All of the following are excellent free antiviruses. Be sure to only install one.

AVG

AntiVir

avast!.

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Yay so I am clean?!!! WOOHOOOO! TY Screenie. I almost cried when I had to reformat but it was everywhere- no other option really.

I will start to install your suggestions asap.

AVG

AntiVir

avast!.

which one is best?

BTW I do have adaware, spydoctor and windows defender on atm. Is that good or bad? Should I delete one or do what??

Everywhere I was reading about that search assistant for HJT - everyone was saying to delete it that it was smitfraud.

Also - just one more question. I am admin on my user. Why- for every single application- does it ask me if I should continue to run it? Is there a way to get rid of this as it's annoying.

TY screenie:P


  • Staff
> Yay so I am clean?!!!

It appears that way, though I wish you didn't format. We were near the end of the process and almost had it beat.

> AVG
>
> AntiVir
>
> avast!.
>
> which one is best?

I use Antivir if that matters. Whichever you pick is fine.

> BTW I do have adaware, spydoctor and windows defender on atm. Is that good or bad? Should I delete one or do what??

I would uninstall Ad-Aware and SpyDoctor. MBAM does the same thing, except better. Windows Defender is on by default with Vista.

> Everywhere I was reading about that search assistant for HJT - everyone was saying to delete it that it was smitfraud.

Notice how your value is empty. If the infection was present, there would be a file associated.

> Also - just one more question. I am admin on my user. Why- for every single application- it asks me if I should continue to run it? IS there a way to get rid of this as its annoying.

That is called UAC (User Account Control), and it is a vital security measure added with Vista. I do not recommend getting rid of it. Windows 7 is coming out soon and it allows for far more customization of UAC than Vista does.

Let me know if there's anything else I can help with.

-screen317
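
The point made above about the empty R0 values, as an added example (not code from the thread or from HijackThis): a small triage pass over HijackThis-format lines that treats empty R0/R1 values as defaults and flags the Run entries the original poster reported. The sample log is constructed from lines quoted in the thread plus one hypothetical R1 entry; `triage`, `THREAD_NAMES` and the two O4 rules are assumptions made for illustration.

```python
import re

# Constructed sample in HijackThis v2.0.2 line format. The R0 and O4 lines are
# modeled on entries quoted in the thread; the R1 line is hypothetical.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [braviax] C:\windows\system32\braviax.exe
O4 - HKCU\..\Run: [monopod] C:\users\Yvette\appdata\local\temp\b.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Run-key value names the original poster reported in this thread.
THREAD_NAMES = {"braviax", "monopod"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^.+?\\Run: \[([^\]]*)\] (.+)$")


def triage(log_text):
    """Return (section, subject, reasons) for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        subject, reasons = body, []
        if section in ("R0", "R1"):
            key, _, value = body.partition("=")
            subject = key.strip()
            # An empty value is the default; only a populated one points anywhere.
            if value.strip():
                reasons.append("value set: " + value.strip())
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:
                name, cmd = run.groups()
                subject = name
                if name.lower() in THREAD_NAMES:
                    reasons.append("name reported in thread")
                if "\\temp\\" in cmd.lower():
                    reasons.append("starts from a temp directory")
        if reasons:
            findings.append((section, subject, reasons))
    return findings


if __name__ == "__main__":
    for section, subject, reasons in triage(SAMPLE_LOG):
        print(section, subject, "->", "; ".join(reasons))
```

A flagged entry is a prompt for review, not a verdict: a populated R1 value can be a legitimate search page the user set.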

This topic is now closed to further replies.