Google Redirect


  • This topic is locked
46 replies to this topic

#1 shearingsheep

Posted 18 September 2011 - 10:41 PM

Hi, I've run into this problem recently and can't figure out how to take it out. I'm running Vista Ultimate, 32-bit. All the AV programs I've been using or tried shut down almost immediately after I start a scan. I had trouble with GMER; it closed every time the scan ended.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_27
Run by Owner at 23:12:54 on 2011-09-18
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.949.82.1033.18.2038.1285 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\566170493:2196521182.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Owner\Downloads\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAAyADUAOAA4ADUANAAwADcALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADEAOAA2ADYAOAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0598B37E-0C9A-4F22-92EA-42268F8A6EB4} : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{BB085CF0-3B9E-4A3F-A756-B7C505A6CA55} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: yxipcon - c:\windows\system32\config\systemprofile\appdata\local\yxipcon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zjmea6hy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/topic385878.html
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-18 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-18 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-18 656320]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-9-18 243152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-18 232512]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-18 233976]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 itlperf;Network Location Awarenes;c:\windows\system32\svchost.exe -k itnetsvcs [2006-11-2 22016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-18 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-18 371472]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-18 1117144]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2010-7-31 812544]
.
=============== File Associations ===============
.
scrfile="%1" /S
.
=============== Created Last 30 ================
.
2011-09-19 02:17:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-19 02:17:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-19 02:16:23 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2011-09-19 02:15:59 -------- d-----w- c:\programdata\!SASCORE
2011-09-19 02:15:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-19 02:15:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-19 00:35:16 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-09-19 00:35:15 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-19 00:35:11 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-09-19 00:35:10 84480 ----a-w- c:\windows\system32\mscories.dll
2011-09-19 00:35:10 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-09-19 00:24:08 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-19 00:24:08 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-19 00:24:06 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-19 00:24:06 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-19 00:23:48 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-19 00:23:48 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-19 00:23:45 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-19 00:23:37 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-19 00:23:25 -------- d-----w- c:\program files\PC Tools Security
2011-09-19 00:23:25 -------- d-----w- c:\program files\common files\PC Tools
2011-09-19 00:21:01 -------- d-----w- c:\programdata\PC Tools
2011-09-18 23:07:45 -------- d-----w- c:\program files\Safe Returner
2011-09-18 23:05:52 -------- d-----w- c:\program files\common files\ParetoLogic
2011-09-18 22:53:57 -------- d-----w- c:\users\owner\appdata\roaming\ParetoLogic
2011-09-18 22:53:57 -------- d-----w- c:\users\owner\appdata\roaming\DriverCure
2011-09-18 22:47:10 -------- d-----w- c:\programdata\ParetoLogic
2011-09-18 22:47:10 -------- d-----w- c:\program files\ParetoLogic
2011-09-18 22:29:08 2 --shatr- c:\windows\winstart.bat
2011-09-18 22:28:59 -------- d-----w- c:\program files\UnHackMe
2011-09-18 22:24:39 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-09-18 22:13:10 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-18 22:10:51 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-18 22:10:45 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-09-18 21:53:57 48016 --sha-w- c:\windows\system32\c_46510.nl_
2011-09-18 21:48:40 -------- d-----w- c:\program files\CCleaner
2011-09-18 20:52:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-18 20:51:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-18 20:29:45 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-09-18 10:33:37 218624 ----a-w- c:\windows\system32\ineltw32.dll
2011-09-18 06:49:33 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-09-18 06:49:25 -------- d-----w- c:\programdata\Malwarebytes
2011-09-18 06:12:05 288 ----a-w- c:\users\owner\appdata\roaming\9AD85BE5.reg
2011-09-18 06:11:57 -------- d-----w- c:\users\owner\appdata\roaming\OpenCloud Security
2011-09-15 19:58:32 279040 ----a-w- c:\windows\system32\VCT32150.dll
2011-09-15 17:35:16 -------- d-----w- c:\users\owner\appdata\local\PMB Files
2011-09-01 01:54:05 -------- d-----w- c:\program files\Total War
2011-08-31 01:56:53 81920 ----a-w- c:\program files\common files\installshield\updateservice\issch.exe
2011-08-31 01:56:53 368640 ----a-w- c:\program files\common files\installshield\updateservice\_isusres.dll
2011-08-31 01:56:52 618496 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2011-08-31 01:56:52 278528 ----a-w- c:\program files\common files\installshield\updateservice\ISDM.exe
2011-08-26 05:08:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-09-18 22:06:26 74752 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-18 21:59:41 270336 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-18 20:29:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:13:36.41 ===============
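
Added example, not part of the original thread or of any poster's reply: a small Python triage script for the two log formats in this topic. It flags running processes whose image path uses NTFS `file:stream` syntax (a second colon after the drive letter) and matches them against TDSSKiller "Suspicious file" lines. The sample input is constructed from lines shortened out of the logs posted here; the function names are hypothetical.

```python
import re

# Constructed sample input: lines copied and shortened from the DDS log above.
DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\566170493:2196521182.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
"""

# Constructed sample input: lines in the TDSSKiller log format posted later in the thread.
TDSS_LOG = r"""
2011/09/19 13:17:37.0719 4156 7d13bf21 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566170493:2196521182.exe
2011/09/19 13:17:37.0719 4156 Suspicious file (Hidden): C:\Windows\566170493:2196521182.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/19 13:17:37.0734 4156 7d13bf21 - detected HiddenFile.Multi.Generic (1)
2011/09/19 13:17:37.0812 4156 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
# Image path up to the first executable extension that is followed by a space or end of line.
IMAGE = re.compile(r"^([A-Za-z]:\\.*?\.(?:exe|com|scr))(?:\s|$)", re.IGNORECASE)
SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
DETECTED = re.compile(r"\s(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


def section_lines(log, title):
    """Return the non-empty lines of one '==== title ====' section of a DDS log."""
    current, out = None, []
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            continue
        if current == title and line not in ("", "."):
            out.append(line)
    return out


def stream_style_processes(dds_log):
    """List running images whose path contains a colon beyond the drive letter."""
    hits = []
    for line in section_lines(dds_log, "Running Processes"):
        match = IMAGE.match(line)
        image = match.group(1) if match else line
        # image[2:] skips "C:"; any further ':' is NTFS file:stream syntax.
        if ":" in image[2:]:
            hits.append(image)
    return hits


def tdsskiller_findings(tdss_log):
    """Collect 'Suspicious file' entries and attach the verdict from the next 'detected' line.

    Assumption: the 'detected' line directly follows its 'Suspicious file' line,
    as it does in the log shown in this thread.
    """
    findings = []
    for line in tdss_log.splitlines():
        sus = SUSPICIOUS.search(line)
        if sus:
            findings.append(
                {"path": sus["path"], "kind": sus["kind"], "md5": sus["md5"], "verdict": None}
            )
            continue
        det = DETECTED.search(line)
        if det and findings and findings[-1]["verdict"] is None:
            findings[-1]["verdict"] = det["verdict"]
    return findings


def triage(dds_log, tdss_log):
    """Mark each TDSSKiller finding that is also a running stream-style process."""
    running = {p.lower() for p in stream_style_processes(dds_log)}
    return [dict(f, running=f["path"].lower() in running) for f in tdsskiller_findings(tdss_log)]


if __name__ == "__main__":
    for item in triage(DDS_LOG, TDSS_LOG):
        print(item)
```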



#2 gringo_pr

  • Malware Response Team

Posted 19 September 2011 - 04:08 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 shearingsheep

Posted 19 September 2011 - 08:48 AM

I tried opening ComboFix but it closes on me before finishing, often with the following error:

Error opening file for writing

C:\32788R22FWJFW\iexplore.exe

Retry fails, and when I try Ignore, it closes after a few seconds.

#4 gringo_pr

Posted 19 September 2011 - 11:48 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 shearingsheep

Posted 19 September 2011 - 12:29 PM

Just ran TDSSKiller. After the reboot, during login, I got a couple popup ads.

2011/09/19 13:17:31.0135 3164 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/19 13:17:31.0447 3164 ================================================================================
2011/09/19 13:17:31.0447 3164 SystemInfo:
2011/09/19 13:17:31.0447 3164
2011/09/19 13:17:31.0447 3164 OS Version: 6.0.6000 ServicePack: 0.0
2011/09/19 13:17:31.0447 3164 Product type: Workstation
2011/09/19 13:17:31.0447 3164 ComputerName: OWNER-PC
2011/09/19 13:17:31.0447 3164 UserName: Owner
2011/09/19 13:17:31.0447 3164 Windows directory: C:\Windows
2011/09/19 13:17:31.0447 3164 System windows directory: C:\Windows
2011/09/19 13:17:31.0447 3164 Processor architecture: Intel x86
2011/09/19 13:17:31.0447 3164 Number of processors: 2
2011/09/19 13:17:31.0447 3164 Page size: 0x1000
2011/09/19 13:17:31.0447 3164 Boot type: Normal boot
2011/09/19 13:17:31.0447 3164 ================================================================================
2011/09/19 13:17:34.0848 3164 Initialize success
2011/09/19 13:17:36.0408 4156 ================================================================================
2011/09/19 13:17:36.0408 4156 Scan started
2011/09/19 13:17:36.0408 4156 Mode: Manual;
2011/09/19 13:17:36.0408 4156 ================================================================================
2011/09/19 13:17:37.0719 4156 7d13bf21 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566170493:2196521182.exe
2011/09/19 13:17:37.0719 4156 Suspicious file (Hidden): C:\Windows\566170493:2196521182.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/19 13:17:37.0734 4156 7d13bf21 - detected HiddenFile.Multi.Generic (1)
2011/09/19 13:17:49.0909 4156 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/19 13:17:49.0955 4156 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/09/19 13:17:50.0002 4156 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/09/19 13:17:50.0127 4156 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/19 13:17:50.0221 4156 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/09/19 13:17:50.0283 4156 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/19 13:17:50.0330 4156 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/19 13:17:50.0408 4156 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/19 13:17:50.0470 4156 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
2011/09/19 13:17:50.0548 4156 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/19 13:17:50.0595 4156 netbt (0cc1b44748b468f1063bdfd37be84607) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/19 13:17:50.0611 4156 netbt - detected Rootkit.Win32.ZAccess.e (0)
2011/09/19 13:18:06.0304 4156 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/19 13:18:06.0320 4156 Boot (0x1200) (fba65d0e24f43e112b6e5c98a24abb4b) \Device\Harddisk0\DR0\Partition0
2011/09/19 13:18:06.0335 4156 ================================================================================
2011/09/19 13:18:06.0335 4156 Scan finished
2011/09/19 13:18:06.0335 4156 ================================================================================
2011/09/19 13:18:06.0351 4148 Detected object count: 2
2011/09/19 13:18:06.0351 4148 Actual detected object count: 2
2011/09/19 13:18:23.0495 4148 HiddenFile.Multi.Generic(7d13bf21) - User select action: Skip
2011/09/19 13:18:23.0636 4148 netbt (0cc1b44748b468f1063bdfd37be84607) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/19 13:18:23.0636 4148 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
2011/09/19 13:18:23.0979 4148 Backup copy found, using it..
2011/09/19 13:18:24.0010 4148 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/09/19 13:18:24.0010 4148 Rootkit.Win32.ZAccess.e(netbt) - User select action: Cure
2011/09/19 13:18:27.0863 1060 Deinitialize success



Edited by shearingsheep, 19 September 2011 - 12:30 PM.


#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 19 September 2011 - 12:54 PM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl+C) and paste (Ctrl+V) the text inside the code box below into Notepad.

@ECHO OFF
cd c:\
junction -s c:\>log.txt
start log.txt
del %0

Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 shearingsheep


Posted 19 September 2011 - 02:43 PM

I get a log.txt error when I try to run it.

"windows cannot find log.txt"

#8 gringo_pr


Posted 19 September 2011 - 04:31 PM

Did you save it to the C: drive, or where did you save it to?

#9 shearingsheep


Posted 19 September 2011 - 04:48 PM

Vista wouldn't let me save the file on the C drive, so I had to save it in a folder on the drive.




#10 gringo_pr


Posted 19 September 2011 - 05:29 PM

Look inside the folder and see if the report is there.



gringo

#11 shearingsheep


Posted 19 September 2011 - 05:36 PM

I'm having the same problem.




#12 gringo_pr


Posted 19 September 2011 - 05:40 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

:filefind
junction.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 shearingsheep


Posted 19 September 2011 - 06:09 PM

Sweet, got it to work.


========== filefind ==========
SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 19/09/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "junction.*"
C:\Users\Owner\Junction.zip --a---- 79623 bytes [21:40 19/09/2011] [21:40 19/09/2011] 42509C552B16E06D9178DD2AEBB48795
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Junction.lnk --a---- 537 bytes [19:28 19/09/2011] [21:40 19/09/2011] 6054B6C21A16E89AB410EDE6AE18EAC3
C:\Users\Owner\Downloads\Junction.zip --a---- 79623 bytes [19:28 19/09/2011] [19:28 19/09/2011] 42509C552B16E06D9178DD2AEBB48795
C:\Users\Owner\Junction\junction.exe --a---- 150392 bytes [21:41 19/09/2011] [19:39 07/09/2010] F1F23D4DF41C5DA5444C97781FF2CAB7

-= EOF =-

#14 gringo_pr


Posted 19 September 2011 - 06:34 PM

Now copy (Ctrl+C) and paste (Ctrl+V) the text inside the code box below into Notepad.

@ECHO OFF
cd C:\Users\Owner\Junction
junction -s c:\Users\Owner\Junction\>log.txt
start log.txt

Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo

#15 shearingsheep


Posted 19 September 2011 - 06:39 PM

junc.bat log

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

No matching files were found.



