
Google Redirects Not Killed by TDSS/Combofix


This topic is locked
28 replies to this topic

#1 diveinpuddles8


Posted 27 December 2011 - 11:53 AM

My computer is experiencing the following problems:
-Google redirects to various websites, usually get-answers-fast.com, or 63.209.69.107, and some other random websites in between.
-Many folders on my computer are locked (see attached capture.jpg) despite the fact that I am running w/ administrator privileges.
-Sys tray doesn't compact items like it did pre-redirects.
-Google images only loads the first three rows of images. I can scroll down in the left-hand panel to change most options. This started the same time as the redirects.

What I have done so far (multiple times each, in various orders):
Run Kaspersky TDSSKiller - which found nothing.
Run Malwarebytes... which found/fixed some things, but did not address the problem.
Run Rkill, which will disable the problem temporarily, but only closes one file: SysWOW64/rundll32.exe.
Run ComboFix, which will fix the problem temporarily/sporadically (only on some websites).
At times the Google redirect appears to be fixed (but not the other problems), yet when I shut down my computer or let it go into sleep mode, the issue will reappear the second that I turn my computer back on!

I am running the 64-bit version of Windows 7 Home Edition so I can't run GMER.

Let me know if this info helps/what other logs you will need. This problem has been occurring for about a week now and it is beyond frustrating!

Attached Files




#2 gringo_pr

Malware Response Team

Posted 01 January 2012 - 05:01 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job. This is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 diveinpuddles8

Topic Starter

Posted 02 January 2012 - 10:11 AM

Thank you in advance for your help.
I ran the scan overnight. Google was redirecting yesterday prior to running the scan. As of right now, it's not redirecting, but once I let it go into sleep mode it might come back (this is what has happened in the past). I'll let you know in a bit if this is the case.

The other issues are still occurring.
-Even though my account is an administrator account, a lot of things are shown as "locked" to me and I sometimes get the message that I can't run certain programs or add/remove programs because I'm not an administrator.
-My sys tray doesn't compact - I'm sure this is a system setting somewhere but I can't find it (perhaps because of the above problem?)
-Google images still only loads the first 2-3 rows of pictures (in every browser).

Here's the new log:

ComboFix 12-01-01.06 - Jess 01/02/2012 0:22.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2423 [GMT -5:00]
Running from: c:\users\Jess\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 05:52 . 2012-01-02 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 02:10 . 2012-01-02 02:10 -------- d-s---w- c:\windows\SysWow64\Microsoft
2011-12-30 02:30 . 2011-12-30 02:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8288B2F0-F4D2-42FB-A84C-86A919F96CBD}\offreg.dll
2011-12-30 00:56 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.c2c0.deleteme
2011-12-30 00:56 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.3a27.deleteme
2011-12-28 19:29 . 2011-12-28 19:29 -------- d-----w- c:\windows\system32\Macromed
2011-12-28 00:19 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8288B2F0-F4D2-42FB-A84C-86A919F96CBD}\mpengine.dll
2011-12-27 20:35 . 2011-12-27 20:35 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-27 03:21 . 2011-12-27 03:39 -------- d-----w- c:\programdata\PC Tools
2011-12-23 21:20 . 2011-12-23 21:21 -------- d-----w- c:\program files\iTunes
2011-12-23 21:20 . 2011-12-23 21:21 -------- d-----w- c:\program files (x86)\iTunes
2011-12-23 21:20 . 2011-12-23 21:20 -------- d-----w- c:\program files\iPod
2011-12-23 03:04 . 2011-12-23 03:04 -------- d-----w- c:\windows\system32\SPReview
2011-12-23 03:03 . 2011-12-23 03:03 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 03:00 . 2011-12-22 03:00 388096 ----a-r- c:\users\Jess\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-22 03:00 . 2011-12-22 03:00 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-19 02:30 . 2011-12-19 02:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-18 01:09 . 2011-12-30 01:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-18 01:09 . 2011-12-30 01:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-18 01:01 . 2011-12-28 19:24 -------- d-----w- c:\program files\CCleaner
2011-12-17 03:57 . 2011-12-17 03:57 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2011-12-17 03:57 . 2011-12-17 03:57 -------- d-----w- c:\programdata\Malwarebytes
2011-12-17 03:57 . 2011-12-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-13 22:53 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-05 18:46 . 2011-12-05 18:46 -------- d-----w- c:\windows\en
2011-12-05 18:45 . 2011-12-05 18:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-12-05 18:43 . 2011-12-05 18:44 -------- d-----w- c:\program files (x86)\Windows Live
2011-12-05 18:41 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-12-05 18:41 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-12-05 18:41 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-12-05 18:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-05 18:40 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-12-05 18:40 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-12-05 18:39 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-12-05 18:39 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-12-05 18:39 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-12-05 18:39 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-12-05 18:33 . 2011-12-10 02:40 -------- d-----w- c:\users\Jess\AppData\Local\Windows Live
2011-12-05 18:33 . 2011-12-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 19:32 . 2011-05-23 02:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-23 03:54 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 03:54 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-05 18:42 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-18 01:06 . 2011-11-18 01:06 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2011-11-18 01:06 . 2011-11-18 01:06 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2011-11-10 10:54 . 2011-06-12 01:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-07 23:22 . 2011-04-26 05:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-07 23:22 . 2011-04-26 05:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-24_00.21.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-27 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-18 03:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-18 03:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-27 03:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-18 03:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-27 03:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 01:31 . 2012-01-02 05:57 32580 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-02 05:57 36506 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-01-02 02:03 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-23 04:04 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-05-18 02:17 . 2011-12-23 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 02:17 . 2012-01-02 02:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 02:17 . 2012-01-02 02:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-18 02:17 . 2011-12-23 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-02 02:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-23 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-02 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 23:24 . 2011-12-24 00:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 03:28 . 2011-12-24 00:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 03:28 . 2012-01-02 05:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 03:28 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-12-17 03:28 . 2011-12-24 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-12-17 03:28 . 2011-12-24 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-12-17 03:28 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-05-17 23:24 . 2011-12-24 00:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-02 05:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-02 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-17 23:24 . 2011-12-24 00:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 00:34 . 2011-12-24 00:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 00:34 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 00:34 . 2011-12-24 00:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 00:34 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 00:34 . 2012-01-02 02:23 9178 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1499554560-3419991419-595465431-1001_UserData.bin
- 2011-12-24 00:19 . 2011-12-24 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-02 05:55 . 2012-01-02 05:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-24 00:19 . 2011-12-24 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-02 05:55 . 2012-01-02 05:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-28 19:29 . 2011-12-28 19:29 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-12-28 19:32 . 2011-12-28 19:32 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-28 19:32 . 2011-12-28 19:32 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-11-17 00:20 . 2011-12-28 19:01 243872 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe
- 2011-11-17 00:20 . 2011-12-23 02:37 243872 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe
+ 2012-01-02 02:01 . 2012-01-02 02:10 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2012-01-02 02:01 . 2012-01-02 02:10 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-01-02 02:01 . 2012-01-02 02:10 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2011-05-19 01:13 . 2012-01-01 03:50 244686 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-02 05:07 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-23 04:14 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-23 04:14 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-02 05:07 107366 c:\windows\system32\perfc009.dat
+ 2011-12-28 19:29 . 2011-12-28 19:29 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2011-12-28 19:32 . 2011-12-28 19:32 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2011-12-28 19:32 . 2011-12-28 19:32 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
- 2009-07-14 05:30 . 2011-12-23 03:58 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-02 02:03 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-02 02:03 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-12-23 04:04 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-12-24 00:18 538820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-02 05:54 538820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-28 19:01 . 2011-12-28 19:29 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 02:34 . 2012-01-02 02:36 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-12-23 15:34 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-28 19:29 . 2011-12-28 19:29 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-17 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-07 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:21]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\n4c7gspp.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: BYTubeD - Bulk YouTube video Downloader: bytubed@cs213.cse.iitk.ac.in - %profile%\extensions\bytubed@cs213.cse.iitk.ac.in
.
.
------- File Associations -------
.
.txt=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
.
**************************************************************************
.
Completion time: 2012-01-02 01:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 06:17
ComboFix2.txt 2011-12-27 05:00
ComboFix3.txt 2011-12-26 01:27
ComboFix4.txt 2011-12-24 04:43
ComboFix5.txt 2011-12-27 15:21
.
Pre-Run: 184,694,706,176 bytes free
Post-Run: 184,612,716,544 bytes free
.
- - End Of File - - BB521588D8C881FCFB4A54C7987459F3

#4 diveinpuddles8 (Topic Starter, Members, 14 posts)

Posted 02 January 2012 - 10:52 AM

My computer went into sleep mode and the redirect is back...

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 02 January 2012 - 11:19 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
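The report these steps produce is a long list of "NAME (MD5) PATH" lines each followed by a "NAME - VERDICT" line, which is tedious to read by eye. The triage script below is an added example, not part of this thread or of TDSSKiller; its line-format assumptions come only from the log format posted in this thread, and the sample log is constructed (the "badsvc" object and its non-ok verdict wording are made up).

```python
"""Triage helper for a TDSSKiller text log (added example, not TDSSKiller's code).

Line-format assumptions, taken from the log pasted in this thread rather than
from any documentation: every line is "HH:MM:SS.mmmm PID body"; a scanned
object appears as "NAME (MD5) PATH" and is followed by a verdict line
"NAME - VERDICT"; "ok" is the clean verdict, anything else deserves a look.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*\S)$")
HASH_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(.+?)\s+-\s+(.+)$")
HEADER_RE = re.compile(
    r"^(OS Version|Product type|ComputerName|UserName|"
    r"Processor architecture|Boot type):\s*(.*)$"
)

# Constructed sample: the header and the first objects mirror the format in
# this thread; the "badsvc" object and its non-ok verdict wording are made up.
SAMPLE_LOG = """\
11:50:31.0355 4976 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:50:31.0621 4976 ============================================================
11:50:31.0621 4976 OS Version: 6.1.7600 ServicePack: 0.0
11:50:31.0621 4976 ComputerName: EXAMPLE-PC
11:50:31.0621 4976 Running under WOW64
11:50:36.0020 5048 Scan started
11:50:37.0720 5048 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\drivers\\1394ohci.sys
11:50:37.0720 5048 1394ohci - ok
11:50:41.0901 5048 catchme - ok
11:50:42.0100 5048 badsvc (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\badsvc.sys
11:50:42.0100 5048 badsvc - detected Constructed.Verdict ( placeholder )
"""


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class TdssReport:
    header: Dict[str, str] = field(default_factory=dict)
    entries: List[ScanEntry] = field(default_factory=list)

    def flagged(self) -> List[ScanEntry]:
        """Objects whose verdict is absent or anything other than 'ok'."""
        return [e for e in self.entries if e.verdict != "ok"]


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Parse a TDSSKiller log into header facts plus one ScanEntry per object."""
    report = TdssReport()
    by_name: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed line
        body = m.group(3)
        hm = HEADER_RE.match(body)
        if hm:
            report.header[hm.group(1)] = hm.group(2).strip()
            continue
        hh = HASH_RE.match(body)
        if hh:
            entry = ScanEntry(hh.group(1), hh.group(2).lower(), hh.group(3))
            report.entries.append(entry)
            by_name[entry.name] = entry
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, verdict = vm.group(1), vm.group(2).strip()
            entry = by_name.get(name)
            if entry is None:
                # Verdict for an object that had no hash line (e.g. "catchme - ok").
                entry = ScanEntry(name)
                report.entries.append(entry)
                by_name[name] = entry
            entry.verdict = verdict
    return report


def summarize(report: TdssReport) -> str:
    """One-line summary a helper can read before opening the full log."""
    flagged = report.flagged()
    host = report.header.get("ComputerName", "?")
    names = ", ".join(e.name for e in flagged) or "none"
    return f"{host}: {len(report.entries)} objects scanned, flagged: {names}"


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(rep))
    for e in rep.flagged():
        print(f"  {e.name}: {e.verdict} ({e.path or 'no path'})")
```

Feed it the real log text instead of SAMPLE_LOG and the flagged list is the set of lines worth reading first; everything marked "ok" is skipped.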

#6 diveinpuddles8 (Topic Starter, Members, 14 posts)

Posted 02 January 2012 - 11:31 AM

Double-clicking the tool doesn't open it, nor does right-clicking and doing "Run as administrator."

What should I do?

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 02 January 2012 - 11:40 AM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete, I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#8 diveinpuddles8 (Topic Starter, Members, 14 posts)

Posted 02 January 2012 - 11:59 AM

fixTDSS said it fixed something.

TDSSKiller said "no threats detected."

My Google is not redirecting at the moment, but we'll see what happens when it goes back into sleep mode.

Google Images is now showing all images! So maybe that part of the problem is fixed. Awesome!

The systray is still not compacting.
Some of my folders still have locks on them even though my account is listed as administrator. When I double-click on those folders (e.g. "Documents and Settings") it says: "Location is not available. C:\Documents and Settings is not accessible. Access is denied."
I'm a little confused as to why I even have a Documents and Settings folder since that stuff should all be in the "Users" folder, right?
Within my Users folder, "All Users", "Default User" and "Jess" all have a lock symbol also... but these I can click on and open.
It's just bizarre.

Here is the TDSSKiller log:

11:50:31.0355 4976 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:50:31.0621 4976 ============================================================
11:50:31.0621 4976 Current date / time: 2012/01/02 11:50:31.0621
11:50:31.0621 4976 SystemInfo:
11:50:31.0621 4976
11:50:31.0621 4976 OS Version: 6.1.7600 ServicePack: 0.0
11:50:31.0621 4976 Product type: Workstation
11:50:31.0621 4976 ComputerName: JESS-LAPTOP
11:50:31.0621 4976 UserName: Jess
11:50:31.0621 4976 Windows directory: C:\Windows
11:50:31.0621 4976 System windows directory: C:\Windows
11:50:31.0621 4976 Running under WOW64
11:50:31.0621 4976 Processor architecture: Intel x64
11:50:31.0621 4976 Number of processors: 2
11:50:31.0621 4976 Page size: 0x1000
11:50:31.0621 4976 Boot type: Normal boot
11:50:31.0621 4976 ============================================================
11:50:32.0978 4976 Initialize success
11:50:36.0020 5048 ============================================================
11:50:36.0020 5048 Scan started
11:50:36.0020 5048 Mode: Manual;
11:50:36.0020 5048 ============================================================
11:51:06.0986 5048 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
11:51:06.0986 5048 TermDD - ok
11:51:07.0080 5048 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:51:07.0095 5048 tssecsrv - ok
11:51:07.0251 5048 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:51:07.0251 5048 tunnel - ok
11:51:07.0298 5048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:51:07.0298 5048 uagp35 - ok
11:51:07.0329 5048 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:51:07.0329 5048 udfs - ok
11:51:07.0594 5048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:51:07.0610 5048 uliagpkx - ok
11:51:07.0735 5048 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
11:51:07.0782 5048 umbus - ok
11:51:07.0875 5048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:51:07.0875 5048 UmPass - ok
11:51:08.0047 5048 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:51:08.0062 5048 USBAAPL64 - ok
11:51:08.0156 5048 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
11:51:08.0172 5048 usbccgp - ok
11:51:08.0406 5048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:51:08.0421 5048 usbcir - ok
11:51:08.0577 5048 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:51:08.0608 5048 usbehci - ok
11:51:08.0702 5048 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:51:08.0702 5048 usbhub - ok
11:51:08.0983 5048 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
11:51:08.0998 5048 usbohci - ok
11:51:09.0186 5048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:51:09.0201 5048 usbprint - ok
11:51:09.0482 5048 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
11:51:09.0498 5048 USBSTOR - ok
11:51:09.0810 5048 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:51:09.0825 5048 usbuhci - ok
11:51:10.0137 5048 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
11:51:10.0137 5048 usbvideo - ok
11:51:10.0465 5048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:51:10.0465 5048 vdrvroot - ok
11:51:10.0792 5048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:51:10.0792 5048 vga - ok
11:51:11.0089 5048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:51:11.0120 5048 VgaSave - ok
11:51:11.0401 5048 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
11:51:11.0401 5048 vhdmp - ok
11:51:11.0682 5048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:51:11.0697 5048 viaide - ok
11:51:11.0916 5048 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
11:51:11.0916 5048 volmgr - ok
11:51:12.0072 5048 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:51:12.0087 5048 volmgrx - ok
11:51:12.0337 5048 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
11:51:12.0368 5048 volsnap - ok
11:51:12.0649 5048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:51:12.0649 5048 vsmraid - ok
11:51:12.0898 5048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:51:12.0898 5048 vwifibus - ok
11:51:13.0039 5048 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:51:13.0054 5048 vwififlt - ok
11:51:13.0132 5048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:51:13.0148 5048 WacomPen - ok
11:51:13.0320 5048 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:13.0335 5048 WANARP - ok
11:51:13.0351 5048 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:51:13.0351 5048 Wanarpv6 - ok
11:51:13.0554 5048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:51:13.0554 5048 Wd - ok
11:51:13.0803 5048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:51:13.0819 5048 Wdf01000 - ok
11:51:14.0053 5048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:51:14.0068 5048 WfpLwf - ok
11:51:14.0131 5048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:51:14.0131 5048 WIMMount - ok
11:51:14.0412 5048 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:51:14.0427 5048 WinUsb - ok
11:51:14.0614 5048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:51:14.0614 5048 WmiAcpi - ok
11:51:14.0708 5048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:51:14.0724 5048 ws2ifsl - ok
11:51:14.0755 5048 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:51:14.0770 5048 WudfPf - ok
11:51:14.0926 5048 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:51:14.0926 5048 WUDFRd - ok
11:51:15.0160 5048 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
11:51:15.0176 5048 xusb21 - ok
11:51:15.0379 5048 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:51:15.0410 5048 yukonw7 - ok
11:51:15.0441 5048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:51:15.0519 5048 \Device\Harddisk0\DR0 - ok
11:51:15.0519 5048 Boot (0x1200) (b8c31708298aaae20662e4b1e64f4614) \Device\Harddisk0\DR0\Partition0
11:51:15.0519 5048 \Device\Harddisk0\DR0\Partition0 - ok
11:51:15.0566 5048 Boot (0x1200) (3f8c0439b377ee3931aaaae4eb9325dc) \Device\Harddisk0\DR0\Partition1
11:51:15.0566 5048 \Device\Harddisk0\DR0\Partition1 - ok
11:51:15.0566 5048 ============================================================
11:51:15.0566 5048 Scan finished
11:51:15.0566 5048 ============================================================
11:51:15.0582 5040 Detected object count: 0
11:51:15.0582 5040 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 02 January 2012 - 12:02 PM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

@ECHO OFF
cd c:\
junction -s c:\>log.txt
start log.txt
del %0
Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
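The junction scan requested above produces a long listing, but what the helper actually wants from it is the handful of reparse points that are not Windows' own compatibility junctions. The following is an added example (Python; not code from this thread, from gringo_pr, or from Sysinternals) that parses Junction v1.06 output in the format the topic starter posts later in the thread and flags any junction or symbolic link whose source/target pair is not on a small allowlist of the standard Vista/7 compatibility links. The sample log, including the made-up c:\Windows\Temp\update entry, is constructed for the demonstration; the allowlist is non-exhaustive and an unlisted link only means "look at it", not "malicious".

```python
"""Parse Sysinternals Junction output and flag reparse points that are not
Windows' standard compatibility junctions (added example, not the forum's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the Junction v1.06 output format seen in this thread.
# The c:\Windows\Temp\update entry is made up so the triage logic has something to flag.
SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

...

..\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Windows\Temp\update: JUNCTION
Print Name : C:\Users\Public\Videos\cache
Substitute Name: C:\Users\Public\Videos\cache

Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.
"""

# Non-exhaustive allowlist of the Windows Vista/7 compatibility links that appear
# in this thread's log (normalised source -> target). Anything else is surfaced
# for the analyst to review; it is not automatically malicious.
EXPECTED_LINKS: Dict[str, str] = {
    r"c:\documents and settings": r"c:\users",
    r"c:\users\all users": r"c:\programdata",
    r"c:\users\default user": r"c:\users\default",
    r"c:\programdata\application data": r"c:\programdata",
    r"c:\programdata\desktop": r"c:\users\public\desktop",
    r"c:\programdata\documents": r"c:\users\public\documents",
    r"c:\programdata\favorites": r"c:\users\public\favorites",
    r"c:\programdata\start menu": r"c:\programdata\microsoft\windows\start menu",
    r"c:\programdata\templates": r"c:\programdata\microsoft\windows\templates",
}

# Junction's recursive progress dots are sometimes glued onto the next path
# ("..\\?\c:\\..."), so leading dots are tolerated and discarded.
REPARSE_RE = re.compile(r"^\.*(\\\\\?\\.+?): (JUNCTION|SYMBOLIC LINK)\s*$")
SUBST_RE = re.compile(r"^Substitute Name\s*: (.*)$")
FAILED_RE = re.compile(r"^Failed to open (.+?): (.+)$")


@dataclass
class ReparsePoint:
    source: str      # path carrying the reparse point, normalised
    kind: str        # "JUNCTION" or "SYMBOLIC LINK"
    target: str      # substitute name, normalised
    expected: bool   # True when (source, target) is a known compatibility link


def normalize(path: str) -> str:
    """Drop the \\?\ and \??\ prefixes Junction prints, collapse the doubled
    separator after the drive root, and lowercase for case-insensitive compare."""
    for prefix in ("\\\\?\\", "\\??\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    path = re.sub(r"\\{2,}", lambda _m: "\\", path)
    return path.rstrip("\\").lower()


def parse_junction_log(text: str) -> Tuple[List[ReparsePoint], List[Tuple[str, str]]]:
    """Return (reparse points, paths that could not be opened with the reason)."""
    points: List[ReparsePoint] = []
    failures: List[Tuple[str, str]] = []
    pending: Optional[Tuple[str, str]] = None  # (source, kind) awaiting its Substitute Name
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REPARSE_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = FAILED_RE.match(line)
        if m:
            failures.append((normalize(m.group(1)), m.group(2)))
            continue
        m = SUBST_RE.match(line)
        if m and pending:
            src = normalize(pending[0])
            tgt = normalize(m.group(1))
            points.append(ReparsePoint(src, pending[1], tgt, EXPECTED_LINKS.get(src) == tgt))
            pending = None
    return points, failures


def unexpected_links(points: List[ReparsePoint]) -> List[ReparsePoint]:
    """Reparse points worth a second look: not on the compatibility allowlist."""
    return [p for p in points if not p.expected]


if __name__ == "__main__":
    pts, fails = parse_junction_log(SAMPLE_LOG)
    print(f"{len(pts)} reparse points, {len(fails)} paths could not be opened")
    for p in unexpected_links(pts):
        print(f"REVIEW  {p.kind:<13} {p.source} -> {p.target}")
```

Run it against the real log.txt the batch file produces (read the file and pass its contents to parse_junction_log) and only the entries that fall outside the allowlist are printed; the "Access is denied" lines under MachineKeys and System Volume Information are collected separately because they are normal for a non-SYSTEM account and are not evidence of anything on their own.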

#10 diveinpuddles8

diveinpuddles8
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:47 AM

Posted 02 January 2012 - 03:24 PM

The redirecting still hasn't come back even after entering sleep mode! And google images continues to work! Awesome!


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Recovery: Access is denied.


...

..\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.

..
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04254e6dac2e69e21154374fdc03a4d6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06e850d249bf7942e4f7402c63aa800d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08857b5e522e46500891e93cc46c8890_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0b0f076bd57ca27b5182dccb210e64b1_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0cc87e289d2a49a97f903128a348f6c6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\100b4bdea0459877f7339739465bdf18_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1743c755ff0129d9527fd108e09c0b8d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c9df9a228de5c3ddfaac547aea722c5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1dc5dad3ba73d192d10f3bdd2ec93317_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\277797d99a7388e16d5b6c4ab8785cf4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a9cc0e897eeba8ab0adc319233d4c53_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2bc803538f8a9704fac6f4951e96bf7f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2e8a2cb3a2fecca3b92d9e20ec7aeaae_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2eda1bfe8d3e13c32a77601cc6e17cc6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2fac1dd416b5a04297de6d07daf847fc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\30b3b4379ba56f01c7ea1cae032291ab_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\30eb26722363095a1d0a44ac753821f7_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\331d54c64916098af3c844da47173828_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\39af2a6e84ff7e27ddd7e6c231588c46_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3a49599d593ad42bac27b48f8739ff5f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3b1d4e5fb4948270edb4a3d56f3137da_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3bb1b7800b1b058739e2eb87ae8726a8_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\42e93bf2eb0deee343fa689ec0e6a77a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\45a1bf483ec7bd5ae2e7b6394da2a0a2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4a37dc6894a7fa8c383654cf110c386d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c9b75bb67b5bb7ba622ce0787686d5e_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4d6d68c2df4539236add2b3bce7f1b53_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\516b2e9b85ad8750bc0aac75c15f92b9_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\570029d1e3b3d43b67a821ed3bc39ba2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\572b6dacfffbf7ac1a53623f4bb813e6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5816168d892a294591dbc3227df698f6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59de0a66d889f33c7dc1bac67bc0d246_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5acaa9d5dd2326e7e06f0aac8dc103d5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c8663213d3d103d8c6fbc8d25b02fa7_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e505be987f3fd5dd84045245a81cb28_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\60d04e0ce6230232c9ac2a69d525fd09_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\646288b597bb87cbd989f37d1bbb6b6b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\65216a630d33ca8eeecd1ce6ab4dd538_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\66e2d210f562168e31ce4f51858d3416_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68eafe31f3cf60464267bca7e5bcb0ba_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6bcfcb3a6e7115a77c2eed5aac1cd060_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6eab30c11578bc6a7209998ded6f5e57_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\716e1dfb3432f6a596e5d8dcce27e893_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\75e0f2ad40a4a3add104a3079a360e14_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\77768c5c4cc64ecafadbe48e7f38ac19_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\78ba724c45aee7731b564444ca774f1b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79d00b0879f35222f53484b9c1c9c3fb_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7d1312388c609811474010dae2ed8855_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\804cf3f2f90eb04be37b7ea6bcdb8100_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\806a15f55ef8fb024ea0e513ae70cd4a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8830060df86323dd832bbca940167763_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\894b45e43bfd64372b75a3562e2ddabc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d0d67b73fac8ca88acc749f644040df_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8e0c5273e7caa9a546dd9fe010c31050_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8eab4608e389e1da2788f29d7371a0dc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f1e85c43dc97da8d49a5f93e0f4872a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fad5eb18e22f2325c3edfedc8468e8c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\933e9a86572ff2fd0f837165f3ffaa06_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9376f5f8e98ec69683f5864fcb2f54e2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\93c7792578bce97d69bc294d15a4fc3a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\968dd61a6a5c97efd81d79cf37fa6721_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b3227bb85be67dc5f6847a013fed8c3_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9bdf2c549284044c530e325bfce7af16_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d9c6557da3f5e41b73dab16457818d6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9e794e49e0c216990feec4c616ae9c79_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ed3cf04b56373c9216e1601bc506769_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a331cbc884facbf111e7bf98185a6d03_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a41d04ae961ae77442fa77fa00c95df6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a500477c005f80cbbdeb864c5d96bd44_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a55c421b48805e22f5b9a98649f5f7c1_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a638f38ed6c806792f3428f7b8d8346c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a77917ef7b3e58817450dc3335970eb0_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a87b3dc5840ad0a2ba9834869107f2d9_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a8d3634227d251ccfbf36f7e5668dd2c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a93e7b38d8d58f407c6de4b7123b6864_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a9d1c57c0177b3905763241c09dd1273_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\abd2d000197593f5e2dce1934315ced2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\add4a98629b0f72484156d8899888691_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b3ac3a210e88b85eb8d58cf2d2fa6510_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b3c341016cbecd2fe4f5d6998a97a240_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b45873e2e154a0682459e33cd1fafece_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6e1b11e1de18e7afb96da80f68205ac_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc2912e2907b1af5027d1a192ed8f61f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0818d4cb46f2735489450b9aa3e4933_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c298b6fbd0433d4a1fdbc15894541c6c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c311282414ad938136a30a815e10dc32_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c35a8642587c99a1e9b9ada0291117f2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c35f1883655e66921bd59a68d4e161b5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c37ad526c0cb9eb2bd6d08f2b1471495_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c4596750185167dd60c1729ab3aeb487_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c6d49c048c6d79eecb1e5b63a50a5ae4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cba36d4540c40c1258415b42302ace8c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd4709ae8a530610612532a4b609b3dd_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdede04cb13d83e05812a553fae0da71_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce96c650e6f5d95300e60ea7fd7535a4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d75eb0911a1f10a20c82866674cc28b4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d93cbf8d954ee02ce5bc16771127c64f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d97a9b10dee3651875573c372439e8e4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db9a66132b04df0056e6e7dd41944035_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dd32bd35af487492b0a3783089068e84_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddeeb6e337b5c2f2acb649ebc40b924c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e025a8a8bd892e8519eeac2ecfc31d5f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e13060a82da9af499e138cbf787955a2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e57a010dcc0a3fbc73b064d613ea0897_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e7a419cb25058572b005c738b30a8dd8_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ed85f5ca8391b676f6c534ed54216a2b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eed9f29d394d1625467f2d63fa613b9a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eeeabcdc2baada17e34e8e29051afbd2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\efbe96f5723309ed69850986572f5ffc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdca54f25e928a8c47021babd469ed1c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fe11dbdb64aa65cd749d2aaa6a931c5c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.


.

...

...

...

...

.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{72d0fa0a-3178-11e1-b001-f30eac70054b}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{9e4c3f62-34fe-11e1-b262-89e04adcd44b}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{b090742e-3187-11e1-99f1-f7cd90479d4b}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{b0907444-3187-11e1-99f1-f7cd90479d4b}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..


Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\04254e6dac2e69e21154374fdc03a4d6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\06e850d249bf7942e4f7402c63aa800d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\08857b5e522e46500891e93cc46c8890_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0b0f076bd57ca27b5182dccb210e64b1_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0cc87e289d2a49a97f903128a348f6c6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\100b4bdea0459877f7339739465bdf18_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1743c755ff0129d9527fd108e09c0b8d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1c9df9a228de5c3ddfaac547aea722c5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1dc5dad3ba73d192d10f3bdd2ec93317_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\277797d99a7388e16d5b6c4ab8785cf4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2a9cc0e897eeba8ab0adc319233d4c53_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2bc803538f8a9704fac6f4951e96bf7f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2e8a2cb3a2fecca3b92d9e20ec7aeaae_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2eda1bfe8d3e13c32a77601cc6e17cc6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2fac1dd416b5a04297de6d07daf847fc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\30b3b4379ba56f01c7ea1cae032291ab_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\30eb26722363095a1d0a44ac753821f7_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\331d54c64916098af3c844da47173828_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\39af2a6e84ff7e27ddd7e6c231588c46_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3a49599d593ad42bac27b48f8739ff5f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3b1d4e5fb4948270edb4a3d56f3137da_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3bb1b7800b1b058739e2eb87ae8726a8_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\42e93bf2eb0deee343fa689ec0e6a77a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\45a1bf483ec7bd5ae2e7b6394da2a0a2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4a37dc6894a7fa8c383654cf110c386d_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4c9b75bb67b5bb7ba622ce0787686d5e_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4d6d68c2df4539236add2b3bce7f1b53_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\516b2e9b85ad8750bc0aac75c15f92b9_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\570029d1e3b3d43b67a821ed3bc39ba2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\572b6dacfffbf7ac1a53623f4bb813e6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5816168d892a294591dbc3227df698f6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\59de0a66d889f33c7dc1bac67bc0d246_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5acaa9d5dd2326e7e06f0aac8dc103d5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5c8663213d3d103d8c6fbc8d25b02fa7_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5e505be987f3fd5dd84045245a81cb28_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\60d04e0ce6230232c9ac2a69d525fd09_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\646288b597bb87cbd989f37d1bbb6b6b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\65216a630d33ca8eeecd1ce6ab4dd538_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\66e2d210f562168e31ce4f51858d3416_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\68eafe31f3cf60464267bca7e5bcb0ba_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6bcfcb3a6e7115a77c2eed5aac1cd060_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6eab30c11578bc6a7209998ded6f5e57_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\716e1dfb3432f6a596e5d8dcce27e893_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\75e0f2ad40a4a3add104a3079a360e14_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\77768c5c4cc64ecafadbe48e7f38ac19_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\78ba724c45aee7731b564444ca774f1b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\79d00b0879f35222f53484b9c1c9c3fb_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7d1312388c609811474010dae2ed8855_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\804cf3f2f90eb04be37b7ea6bcdb8100_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\806a15f55ef8fb024ea0e513ae70cd4a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8830060df86323dd832bbca940167763_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\894b45e43bfd64372b75a3562e2ddabc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8d0d67b73fac8ca88acc749f644040df_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8e0c5273e7caa9a546dd9fe010c31050_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8eab4608e389e1da2788f29d7371a0dc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8f1e85c43dc97da8d49a5f93e0f4872a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8fad5eb18e22f2325c3edfedc8468e8c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\933e9a86572ff2fd0f837165f3ffaa06_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9376f5f8e98ec69683f5864fcb2f54e2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\93c7792578bce97d69bc294d15a4fc3a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\968dd61a6a5c97efd81d79cf37fa6721_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9b3227bb85be67dc5f6847a013fed8c3_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9bdf2c549284044c530e325bfce7af16_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9d9c6557da3f5e41b73dab16457818d6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9e794e49e0c216990feec4c616ae9c79_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9ed3cf04b56373c9216e1601bc506769_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a331cbc884facbf111e7bf98185a6d03_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a41d04ae961ae77442fa77fa00c95df6_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a500477c005f80cbbdeb864c5d96bd44_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a55c421b48805e22f5b9a98649f5f7c1_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a638f38ed6c806792f3428f7b8d8346c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a77917ef7b3e58817450dc3335970eb0_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a87b3dc5840ad0a2ba9834869107f2d9_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a8d3634227d251ccfbf36f7e5668dd2c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a93e7b38d8d58f407c6de4b7123b6864_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a9d1c57c0177b3905763241c09dd1273_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\abd2d000197593f5e2dce1934315ced2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\add4a98629b0f72484156d8899888691_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b3ac3a210e88b85eb8d58cf2d2fa6510_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b3c341016cbecd2fe4f5d6998a97a240_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b45873e2e154a0682459e33cd1fafece_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b6e1b11e1de18e7afb96da80f68205ac_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bc2912e2907b1af5027d1a192ed8f61f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c0818d4cb46f2735489450b9aa3e4933_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c298b6fbd0433d4a1fdbc15894541c6c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c311282414ad938136a30a815e10dc32_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c35a8642587c99a1e9b9ada0291117f2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c35f1883655e66921bd59a68d4e161b5_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c37ad526c0cb9eb2bd6d08f2b1471495_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c4596750185167dd60c1729ab3aeb487_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c6d49c048c6d79eecb1e5b63a50a5ae4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cba36d4540c40c1258415b42302ace8c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cd4709ae8a530610612532a4b609b3dd_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cdede04cb13d83e05812a553fae0da71_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ce96c650e6f5d95300e60ea7fd7535a4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d75eb0911a1f10a20c82866674cc28b4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d93cbf8d954ee02ce5bc16771127c64f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d97a9b10dee3651875573c372439e8e4_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\db9a66132b04df0056e6e7dd41944035_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\dd32bd35af487492b0a3783089068e84_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ddeeb6e337b5c2f2acb649ebc40b924c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e025a8a8bd892e8519eeac2ecfc31d5f_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e13060a82da9af499e138cbf787955a2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e57a010dcc0a3fbc73b064d613ea0897_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e7a419cb25058572b005c738b30a8dd8_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ed85f5ca8391b676f6c534ed54216a2b_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\eed9f29d394d1625467f2d63fa613b9a_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\eeeabcdc2baada17e34e8e29051afbd2_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\efbe96f5723309ed69850986572f5ffc_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fdca54f25e928a8c47021babd469ed1c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fe11dbdb64aa65cd749d2aaa6a931c5c_1ce0f2f7-a855-4ebe-a64f-918d845cd7af: Access is denied.


...

...

...

...

...

\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Jess\Application Data: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming
Substitute Name: C:\Users\Jess\AppData\Roaming

\\?\c:\\Users\Jess\Cookies: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Jess\Local Settings: JUNCTION
Print Name : C:\Users\Jess\AppData\Local
Substitute Name: C:\Users\Jess\AppData\Local

\\?\c:\\Users\Jess\My Documents: JUNCTION
Print Name : C:\Users\Jess\Documents
Substitute Name: C:\Users\Jess\Documents

\\?\c:\\Users\Jess\NetHood: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Jess\PrintHood: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Jess\Recent: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Jess\SendTo: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Jess\Start Menu: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Jess\Templates: JUNCTION
Print Name : C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Jess\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Jess\AppData\Local
Substitute Name: C:\Users\Jess\AppData\Local

\\?\c:\\Users\Jess\AppData\Local\History: JUNCTION
Print Name : C:\Users\Jess\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Jess\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Jess\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

...\\?\c:\\Users\Jess\AppData\LocalLow\Siber Systems\RoboForm\UserData: SYMBOLIC LINK
Print Name : C:\Users\Jess\Documents\My RoboForm Data\Default Profile
Substitute Name: \??\C:\Users\Jess\Documents\My RoboForm Data\Default Profile



...

..\\?\c:\\Users\Jess\Documents\My Music: JUNCTION
Print Name : C:\Users\Jess\Music
Substitute Name: C:\Users\Jess\Music

\\?\c:\\Users\Jess\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Jess\Pictures
Substitute Name: C:\Users\Jess\Pictures

\\?\c:\\Users\Jess\Documents\My Videos: JUNCTION
Print Name : C:\Users\Jess\Videos
Substitute Name: C:\Users\Jess\Videos

.

...

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

...

...

...

...

...

...

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 03 January 2012 - 12:49 PM

Greetings

We need to reset the permissions altered by the malware on a file.

Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe

All the folders that you are having access denied with, I want you to drag them and drop them onto the Inherit icon.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
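The Inherit step above resets folders that the infection left locked so they take their permissions from the parent folder again. As an added example, not from this thread and not the Inherit tool's own code, the PowerShell script below does the auditing side of that job: it walks a folder tree, lists every directory whose ACL no longer inherits from its parent (or whose ACL cannot be read at all), and restores inheritance only on folders you name explicitly, which mirrors the "drag the folders you cannot open" instruction. It assumes an elevated Windows PowerShell 5.1 or later session; the default root is a placeholder taken from the log paths in this thread, and treating "re-enable inheritance" as the same effect the Inherit tool has is an assumption.

```powershell
# Added example, not from this thread and not the Inherit tool's own code.
# Audits a folder tree for directories whose ACL no longer inherits from the
# parent (what "locked" folders usually look like after a permission change)
# and restores inheritance on folders named explicitly.
# Assumptions: Windows PowerShell 5.1 or later, run from an elevated prompt;
# the default root is a placeholder taken from the log paths in this thread.
param(
    [string]$Root = "C:\Users\Jess",
    [string[]]$Restore = @()      # folders to repair; empty means report only
)

function Get-ProtectedFolders {
    param([string]$Path)
    $hits = New-Object System.Collections.Generic.List[object]
    # -Force includes hidden/system folders; unreadable branches are skipped, not fatal
    $dirs = Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($d in $dirs) {
        # Junctions such as "Application Data" carry a deliberate deny entry and
        # are protected by design, so reparse points are not reported.
        if (($d.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0) { continue }
        try {
            $acl = Get-Acl -LiteralPath $d.FullName -ErrorAction Stop
        } catch {
            # Not being able to read the ACL at all is worth listing too.
            $hits.Add([pscustomobject]@{ Path = $d.FullName; State = 'AccessDenied'; Owner = $null })
            continue
        }
        # $true here means inheritance from the parent has been switched off.
        if ($acl.AreAccessRulesProtected) {
            $hits.Add([pscustomobject]@{ Path = $d.FullName; State = 'InheritanceDisabled'; Owner = $acl.Owner })
        }
    }
    return $hits
}

function Restore-Inheritance {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # isProtected = $false turns inheritance back on; preserveInheritance = $true
    # keeps the existing explicit entries instead of silently dropping them.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$report = Get-ProtectedFolders -Path $Root
$report | Sort-Object State, Path | Format-Table -AutoSize

foreach ($p in $Restore) {
    try {
        Restore-Inheritance -Path $p
        Write-Host "Restored inheritance on $p"
    } catch {
        # Usually means the current account does not own the folder; ownership
        # has to be taken before the ACL can be changed.
        Write-Warning "Could not change $p : $($_.Exception.Message)"
    }
}
```

Run it with just `-Root` first and read the list against a known-good machine: a number of Windows locations (profile roots, parts of ProgramData) legitimately have inheritance disabled, so the report is a starting point, not a list of things to change. Pass `-Restore` with the folders you actually cannot open to repair them; the built-in `icacls <folder> /reset` does the same reset from a plain command prompt. The "Access is denied" lines in the Junction output above for `Microsoft\Crypto\RSA\MachineKeys` and `System32\LogFiles\WMI\RtBackup` are expected on a healthy system (those directories are restricted by design) and are not something to feed to this script or to the Inherit tool.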

#12 diveinpuddles8

diveinpuddles8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:47 AM

Posted 03 January 2012 - 08:24 PM

That seems to have fixed the folders...
Thank you for all of your help. We're getting to this thing being fully removed now! :)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 03 January 2012 - 08:38 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 diveinpuddles8

diveinpuddles8
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:47 AM

Posted 03 January 2012 - 09:10 PM

The sys tray still doesn't compact.
And now I'm getting some weird error message: "The Recycle Bin in C:\ is corrupted. Do you want to empty the recycle bin for this drive?" However, the recycle bin is empty when I click on it. I clicked "okay", but the same message appears on reboot.


Here's the new combofix log:

ComboFix 12-01-03.07 - Jess 01/03/2012 20:50:33.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2704 [GMT -5:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
Command switches used :: c:\users\Jess\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 01:58 . 2012-01-04 01:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 01:18 . 2012-01-04 01:18 -------- d-----w- c:\users\Jess\AppData\Local\Hellmansoft
2012-01-04 01:18 . 2012-01-04 01:18 -------- d-----w- c:\users\Jess\AppData\Roaming\Hellmansoft
2012-01-04 01:18 . 2012-01-04 01:18 -------- d-----w- c:\program files (x86)\Hellmansoft
2012-01-03 02:53 . 2012-01-03 02:53 -------- d-----w- c:\users\Jess\AppData\Roaming\inkscape
2012-01-03 02:46 . 2012-01-03 02:51 -------- d-----w- c:\program files (x86)\Inkscape
2012-01-02 02:10 . 2012-01-02 02:10 -------- d-s---w- c:\windows\SysWow64\Microsoft
2011-12-30 00:56 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.c2c0.deleteme
2011-12-30 00:56 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.3a27.deleteme
2011-12-28 19:29 . 2011-12-28 19:29 -------- d-----w- c:\windows\system32\Macromed
2011-12-27 20:35 . 2011-12-27 20:35 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-27 03:21 . 2011-12-27 03:39 -------- d-----w- c:\programdata\PC Tools
2011-12-23 21:20 . 2011-12-23 21:21 -------- d-----w- c:\program files\iTunes
2011-12-23 21:20 . 2011-12-23 21:21 -------- d-----w- c:\program files (x86)\iTunes
2011-12-23 21:20 . 2011-12-23 21:20 -------- d-----w- c:\program files\iPod
2011-12-23 03:04 . 2011-12-23 03:04 -------- d-----w- c:\windows\system32\SPReview
2011-12-23 03:03 . 2011-12-23 03:03 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 03:00 . 2011-12-22 03:00 388096 ----a-r- c:\users\Jess\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-22 03:00 . 2011-12-22 03:00 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-19 02:30 . 2011-12-19 02:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-18 01:09 . 2011-12-30 01:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-18 01:09 . 2011-12-30 01:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-18 01:01 . 2011-12-28 19:24 -------- d-----w- c:\program files\CCleaner
2011-12-17 03:57 . 2011-12-17 03:57 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2011-12-17 03:57 . 2011-12-17 03:57 -------- d-----w- c:\programdata\Malwarebytes
2011-12-17 03:57 . 2011-12-30 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-13 22:53 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-05 18:46 . 2011-12-05 18:46 -------- d-----w- c:\windows\en
2011-12-05 18:45 . 2011-12-05 18:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-12-05 18:43 . 2011-12-05 18:44 -------- d-----w- c:\program files (x86)\Windows Live
2011-12-05 18:41 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-12-05 18:41 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-12-05 18:41 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-12-05 18:41 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-12-05 18:40 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-12-05 18:40 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-12-05 18:39 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-12-05 18:39 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-12-05 18:39 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-12-05 18:39 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-12-05 18:33 . 2011-12-10 02:40 -------- d-----w- c:\users\Jess\AppData\Local\Windows Live
2011-12-05 18:33 . 2011-12-05 18:33 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 02:30 . 2011-12-30 02:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8288B2F0-F4D2-42FB-A84C-86A919F96CBD}\offreg.dll
2011-12-28 19:32 . 2011-05-23 02:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-23 03:54 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 03:54 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-05 18:42 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-21 11:40 . 2011-12-28 00:19 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8288B2F0-F4D2-42FB-A84C-86A919F96CBD}\mpengine.dll
2011-11-18 01:06 . 2011-11-18 01:06 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2011-11-18 01:06 . 2011-11-18 01:06 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2011-11-10 10:54 . 2011-06-12 01:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-07 23:22 . 2011-04-26 05:58 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-07 23:22 . 2011-04-26 05:58 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-02_05.57.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-18 01:31 . 2012-01-04 02:02 33254 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-04 02:02 36582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-18 02:17 . 2012-01-04 01:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 02:17 . 2012-01-02 02:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 02:17 . 2012-01-04 01:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-18 02:17 . 2012-01-02 02:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 01:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-02 02:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-04 02:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 23:24 . 2012-01-02 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 03:28 . 2012-01-02 05:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 03:28 . 2012-01-02 16:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 03:28 . 2012-01-02 16:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-12-17 03:28 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-12-17 03:28 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-12-17 03:28 . 2012-01-02 16:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-05-17 23:24 . 2012-01-02 05:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-04 02:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-17 23:24 . 2012-01-02 05:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 23:24 . 2012-01-04 02:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 00:34 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 00:34 . 2012-01-04 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 00:34 . 2012-01-04 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 00:34 . 2012-01-02 05:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-14 15:06 . 2011-12-20 00:39 3908 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-06-14 15:06 . 2012-01-02 16:44 3908 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-05-18 00:34 . 2012-01-04 02:02 9296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1499554560-3419991419-595465431-1001_UserData.bin
- 2012-01-02 05:55 . 2012-01-02 05:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 02:00 . 2012-01-04 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-02 05:55 . 2012-01-02 05:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 02:00 . 2012-01-04 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-21 13:29 . 2012-01-04 00:00 270484 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-19 01:13 . 2012-01-04 00:44 246166 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-04 01:35 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-02 05:07 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-02 05:07 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-04 01:35 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-04 01:59 538820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-02 05:54 538820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-04-19 19:00 . 2008-04-19 19:00 360580 c:\windows\eSellerateEngine.dll
+ 2011-02-17 03:43 . 2011-02-17 03:43 2213888 c:\windows\Installer\6f80738.msi
+ 2011-07-26 18:36 . 2011-07-26 18:36 1629696 c:\windows\Installer\35af2.msi
- 2009-07-14 02:34 . 2012-01-02 02:36 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-04 01:45 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-17 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-07 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:21]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jess\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\n4c7gspp.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: BYTubeD - Bulk YouTube video Downloader: bytubed@cs213.cse.iitk.ac.in - %profile%\extensions\bytubed@cs213.cse.iitk.ac.in
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
.
**************************************************************************
.
Completion time: 2012-01-03 21:06:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 02:06
ComboFix2.txt 2011-12-27 05:00
ComboFix3.txt 2011-12-26 01:27
ComboFix4.txt 2011-12-24 04:43
ComboFix5.txt 2011-12-27 15:21
.
Pre-Run: 182,362,492,928 bytes free
Post-Run: 182,178,131,968 bytes free
.
- - End Of File - - D18068390126D82DADAE36FBCFC271AF
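A triage script for the "Reg Loading Points" block of the ComboFix log above, added here as an example; it is not part of the thread and not ComboFix code. It parses the REGEDIT4-style listing ComboFix prints (a `[key]` header followed by `"name"= value` lines, plus the Startup-folder listing) and reports two things a responder checks first on a box like this one: the UAC policy values, which in this log are all 0 (EnableLUA=0 means UAC is switched off, so anything running in the admin user's session already holds the full admin token and nothing prompts the user), and autorun entries whose target lives under a user-writable path. The sample input is an excerpt copied from the log above; the regexes, the policy key lookup and the user-writable-path list are this example's own heuristics.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' block (added example,
not ComboFix code): flags UAC policies set to 0 and autoruns that launch
from user-writable paths. The path heuristic is this script's own."""
import re

# Excerpt copied from the log above, embedded here as sample input.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-17 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\Jess\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')             # "Name"= value
STARTUP_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[", re.I)  # Foo.lnk - target [date size]
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# What a value of 0 means for each UAC policy (all three are 0 in the log above).
UAC_CHECKS = {
    "EnableLUA": "UAC is off; every process in an admin session has the full admin token",
    "ConsentPromptBehaviorAdmin": "admins elevate silently, no consent prompt",
    "PromptOnSecureDesktop": "any prompt that does appear is off the secure desktop and spoofable",
}
# Locations a machine-wide autorun normally has no business launching from (heuristic).
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_loading_points(text):
    """Return ({key_lowercased: {name: raw_value}}, [(lnk_name, target)])."""
    keys, startup = {}, []
    current, in_startup = None, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            in_startup = False          # '.' separates blocks in ComboFix output
            continue
        m = KEY_RE.match(line)
        if m:
            current, in_startup = m.group(1).lower(), False
            keys.setdefault(current, {})
            continue
        if line.lower().endswith("\\startup\\"):
            current, in_startup = None, True
            continue
        if in_startup:
            m = STARTUP_RE.match(line)
            if m:
                startup.append((m.group(1), m.group(2)))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys, startup


def dword(raw):
    """'0 (0x0)' -> 0; None when the value is not numeric (e.g. a quoted path)."""
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def quoted_path(raw):
    """'"c:\\x.exe" [2011-06-17 160328]' -> 'c:\\x.exe'; unquoted input returned as-is."""
    m = re.match(r'^"([^"]*)"', raw)
    return m.group(1) if m else raw


def audit_uac(keys):
    """One finding per UAC policy in UAC_CHECKS whose value is 0."""
    policy = keys.get(POLICY_KEY, {})
    return [f"{name}=0: {why}" for name, why in UAC_CHECKS.items()
            if dword(policy.get(name, "")) == 0]


def audit_autoruns(keys, startup):
    """Run-key values and Startup links whose target sits under a user-writable
    path. Legitimate per-user software (Dropbox here) lands in AppData too, so
    every hit is a lead for a human to inspect, not a verdict."""
    def suspicious(path):
        return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)
    hits = [(name, quoted_path(raw)) for key, values in keys.items()
            if key.endswith("\\run") for name, raw in values.items()
            if suspicious(quoted_path(raw))]
    hits += [(name, target) for name, target in startup if suspicious(target)]
    return hits


if __name__ == "__main__":
    keys, startup = parse_loading_points(SAMPLE_LOG)
    for finding in audit_uac(keys):
        print("UAC:", finding)
    for name, path in audit_autoruns(keys, startup):
        print("AUTORUN from user-writable path:", name, "->", path)
```

Run against the excerpt it prints the three UAC findings and one autorun lead, the Dropbox link in the user's Startup folder. That lead is a false positive here, which is the point of keeping the path check a heuristic: it narrows what a human looks at, and a real dropper in `AppData\Local\Temp` or `ProgramData` would surface in the same list next to the benign entries. To run it on a full ComboFix log, paste the whole "Reg Loading Points" section into `SAMPLE_LOG` or read the file and pass its text to `parse_loading_points`.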

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 January 2012 - 09:18 PM

Hello,

See if this fixes the recycle bin:

http://www.vistax64.com/tutorials/131294-recycle-bin-corrupted-cannot-delete-file-folder.html


gringo