Solved File recovery rogue scanner infection

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

===============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
# AdwCleaner v2.001 - Logfile created 09/10/2012 at 23:36:28
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : IdHusseys - IDHUSSEYS-PC
# Boot Mode : Normal
# Running from : C:\Users\IdHusseys\Desktop\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Users\IdHusseys\AppData\Local\Ilivid Player

***** [Registry] *****

Key Deleted : HKCU\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1612 octets] - [10/09/2012 18:09:55]
AdwCleaner[S1].txt - [2182 octets] - [10/09/2012 23:36:28]

########## EOF - C:\AdwCleaner[S1].txt - [2242 octets] ##########
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IdHusseys
->Temp folder emptied: 3256 bytes
->Temporary Internet Files folder emptied: 2351427 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 3486 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: IdHusseys
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: IdHusseys
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.61.3 log created on 09102012_234208

Files\Folders moved on Reboot...
C:\Users\IdHusseys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
I'm in the process of uninstalling the various software using the Revo Uninstaller, while that's going on I'm trying to get to YouTube.com and it redirects to a weird page:

http://www.youtube.com/lohp

That page has this as its HTML:

<!DOCTYPE html><html lang="en" dir="ltr" ><!-- machid: nWUxLTF9mYXdnanVINnRiU0E5ZDNHemZuYVYwZjdhelA1OGFDMU1LZ01FWWlwLU55UDh3Qy1R -->


I'm not sure why it's redirecting there...
 
Never mind about YouTube's HTML, apparently they experiment from time to time. Found a topic about it in the Google forums. Cleared my cookies and logged in and it seemed fine.

Thanks for all your help. One final question: do you even use Windows? Or are you running Linux or Ubuntu, etc.? I'm wondering how the techs on Techspot avoid being hacked.
 
Broni, you helped me get my PC back under control, but one thing that didn't resolve was the issue of getting full access to my files.

For example, I have SEO software that allows me to upload fresh proxies before running. I also have software that needs updating, but when I try to write over the old files (updating or changing proxies), I am given an "Access Denied" error.

When I check the "program (x86)" folder (I am running Windows 7 64 bit), I see the permissions are set to "read only."

When I try to reset the permissions to "full" under "Security > Advanced" as recommended by Microsoft here:

http://windows.microsoft.com/en-US/...t-access-denied-when-opening-files-or-folders

...I still get the "Access Denied" error. Every time I un-check "read only" or try to give myself "ownership" (under Security > Advanced, as Microsoft recommended), the dialog opens up and it seems to work, as if it's changing the permissions/ownership: but it keeps reverting back to read-only, and my software will not allow updates or anything that has to do with writing into the file (like updating proxies).

Since this was a recent infection I'm not sure if I need to run the 5 steps all over again, or if Broni has other suggestions (or anyone else). Please let me know ASAP as I've got to access these tools in order to work for my clients and my own projects.

Just to be clear:

I can reset permissions, or at least claim ownership of files/folders...what I can't do is to have my folders retain the permissions I set. They keep reverting to "read only" and every time I try to update my software or try to update proxies for the software I'm using, I get "Access Denied" errors.
 
Let's run the following tool. This will help determine which files need permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.
 
I entered that cmd line into the "start search" box and the DOS box remains blank with a blinking cursor.

Then I entered the command into the cmd box (everything after /c), and was told that "/c" is not recognized as a command or folder (I can run it again and take a screenshot for the actual verbiage).

About how long should the scan take to produce the log?
 
That was weird. I decided to uninstall and unzip/redo the installation, etc...and found this waiting for me:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.



Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{54e9864c-fc4b-11e1-bdf1-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{5ca190f8-fd5b-11e1-8cdd-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c2b7-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c2ce-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c2f9-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c31a-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c496-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c4ff-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c6be-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{a3c9c79a-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{ac868f97-fc4d-11e1-846d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{b9d9ba86-fde9-11e1-82ef-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c780029a-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c780047b-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c7800522-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c780084e-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c78008af-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c7800927-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c780095f-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{c7800978-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{ef0d1783-fc61-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.


.\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



...\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files



\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\IdHusseys\Application Data: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming
Substitute Name: C:\Users\IdHusseys\AppData\Roaming

\\?\c:\\Users\IdHusseys\Cookies: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\IdHusseys\Local Settings: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Local
Substitute Name: C:\Users\IdHusseys\AppData\Local

\\?\c:\\Users\IdHusseys\My Documents: JUNCTION
Print Name : C:\Users\IdHusseys\Documents
Substitute Name: C:\Users\IdHusseys\Documents

\\?\c:\\Users\IdHusseys\NetHood: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\IdHusseys\PrintHood: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\IdHusseys\Recent: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\IdHusseys\SendTo: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\IdHusseys\Start Menu: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\IdHusseys\Templates: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\IdHusseys\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Local
Substitute Name: C:\Users\IdHusseys\AppData\Local

\\?\c:\\Users\IdHusseys\AppData\Local\History: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\IdHusseys\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\Temporary Internet Files

Failed to open \\?\c:\\Users\IdHusseys\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



Failed to open \\?\c:\\Users\IdHusseys\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.


...\\?\c:\\Users\IdHusseys\Documents\My Music: JUNCTION
Print Name : C:\Users\IdHusseys\Music
Substitute Name: C:\Users\IdHusseys\Music

\\?\c:\\Users\IdHusseys\Documents\My Pictures: JUNCTION
Print Name : C:\Users\IdHusseys\Pictures
Substitute Name: C:\Users\IdHusseys\Pictures

\\?\c:\\Users\IdHusseys\Documents\My Videos: JUNCTION
Print Name : C:\Users\IdHusseys\Videos
Substitute Name: C:\Users\IdHusseys\Videos



\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

.\\?\c:\\Windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\SysWOW64\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\SysWOW64\config\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\SysWOW64\config\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\SysWOW64\config\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\SysWOW64\config\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\SysWOW64\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\SysWOW64\config\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos

 
I don't see any permission issues in the above log.

Try to create a new admin account, switch to it and see if you have the same problem.
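
A way to triage a Junction log like the one posted above, as an added example that is not part of the thread and not code from any poster: it parses the `junction -s` output format seen here (including progress dots fused to a path), separates reparse points from "Failed to open" lines, and marks which failures are normal on a running Windows system. The sample log is constructed, the `ExampleTool` path is invented, and the list of expected failures is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the Junction v1.06 log quoted in this thread.
# The ExampleTool path is invented for illustration.
SAMPLE_LOG = r"""
\\?\c:\\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...\\?\c:\\ProgramData\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.

.\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

Failed to open \\?\c:\\Program Files (x86)\ExampleTool\proxies.txt: Access is denied.
"""

# Leading "\.*" absorbs the progress dots Junction prints before a path.
ENTRY = re.compile(r"^\.*\\\\\?\\(?P<path>.+): (?P<kind>[A-Z][A-Z ]*)$")
FAILED = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+): (?P<reason>[^:]+)$")
TARGET = re.compile(r"^Substitute Name\s*:\s*(?P<target>.+)$")

# Assumption of this example: failures that are normal while Windows is running.
LOCKED_SYSTEM_FILES = {"pagefile.sys", "hiberfil.sys"}
SYSTEM_ONLY_DIR = re.compile(r"^[a-z]:\\system volume information(\\|$)")


@dataclass
class ReparsePoint:
    path: str
    kind: str
    target: str = ""


@dataclass
class Failure:
    path: str
    reason: str


def _clean(path):
    # Junction prints "\\?\c:\\dir"; collapse the doubled separator.
    return path.replace("\\\\", "\\")


def parse_junction_log(text):
    """Return (reparse_points, failures) parsed from `junction -s` output."""
    links, failures, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FAILED.match(line)
        if m:
            failures.append(Failure(_clean(m["path"]), m["reason"]))
            continue
        m = ENTRY.match(line)
        if m:
            pending = ReparsePoint(_clean(m["path"]), m["kind"])
            links.append(pending)
            continue
        m = TARGET.match(line)
        if m and pending is not None:
            target = m["target"]
            # Symbolic links carry an NT-namespace prefix; drop it for display.
            pending.target = target[4:] if target.startswith("\\??\\") else target
            pending = None
    return links, failures


def triage(failures):
    """Label each failure so only the unexplained ones need a human look."""
    results = []
    for f in failures:
        lower = f.path.lower()
        name = lower.rsplit("\\", 1)[-1]
        if name in LOCKED_SYSTEM_FILES and "used by another process" in f.reason:
            verdict = "expected-locked"
        elif SYSTEM_ONLY_DIR.match(lower) and "Access is denied" in f.reason:
            verdict = "expected-system-acl"
        else:
            verdict = "review"
        results.append((f.path, verdict))
    return results


if __name__ == "__main__":
    links, failures = parse_junction_log(SAMPLE_LOG)
    for path, verdict in triage(failures):
        print(f"{verdict:20} {path}")
```
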
 
So I created a new administrator account and it couldn't access the internet, nor could I update my proxies on the tools I'm using. It's the same "Access Denied" error.
 
How many folders and files are we talking about?
Do those folders/files belong to some specific program(s)?
 
There are 78 folders in the particular directory "Programs (x86)" but the "permissions" error seems to be happening on all my folders in the C: drive.

I haven't checked "all" my folders, I just caught this error because I need to use 2 programs to make progress on client work and I can't get my software to update nor to change things like rotating proxies. Other software that doesn't require proxy rotation seems to be fine (*although I just checked and the "other software" I've used today resides in the /Programs folder, not /Programs (x86) - and it doesn't require proxies).

They all reset to "read only" and even if I claim ownership I can't change that, it still reverts to "read only." I can use various document tools and save those to the desktop like normal; spreadsheets are fine, etc. But using and upgrading key software I can't escape the error nor can I use the software.

I'm not sure if I can use the software if I reinstalled in another folder or not, but it's frustrating to say the least.
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif



Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif



Go to Start Repairs tab and click Start button.

p22001166.gif



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif


Click on box next to the Restart System when Finished. Then click on Start.
 
It's still working on the final step but unlike last time, there aren't as many "failed" fixes. Hopefully this gets it done, am I to upload any logs this time around?
 
I checked to see if I can use my programs now, it's not fixed. Same access denied error. The "programs (x86)" file is still defaulting to 'read only' but if I check my permissions, my username/admin account has full permission/full control of the entire folder and its contents. It's also what I'm logged in under.
 
It's weird: if I access the file from Windows Explorer > Computer > C > Programs x86, the permissions show I've got full control permissions. I checked the start menu and that folder showed permissions were "special permissions" only, so I set those to full control. That still didn't work, though. I can't use the tool.
 
It's not just the /programs (x86) folder. I have software saved to my desktop in different folders, apart from the programs folders. That won't update, either. On the other hand, Avast will update just fine, as will Malwarebytes. It's just certain tools I use for my productivity that won't work - and I've tried uninstalling/re-installing.
 
That took a while but it didn't change things. I even narrowed it down to the program folder of the particular software (there are 2 programs I'm trying to run) - no difference.
 
We ran the Windows Repair program twice and it still lists a number of errors.
I'm fairly sure your Windows installation is simply beyond repair and a fresh installation may be your only option.

That's my opinion. If you wish, you can always create a new topic in the Windows forum to see if others have some different ideas.
 