Infected with google redirects and other viruses


This topic is locked
31 replies to this topic

#1 xcharger

xcharger

  • Members
  • 15 posts

Posted 03 January 2012 - 04:13 PM

Hello, I seem to have gotten a few viruses. Not really sure what they are: PING.exe and Google redirects and svchost and others; MBAM says it blocks them on the bottom of my screen. I'm not sure what to do either. And I seem to currently have gotten the Blue Screen of Death.


If anyone can help me, I would be so grateful.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by admin at 14:46:02 on 2012-01-03
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.973 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:61535
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi~1.lnk - c:\ddi\AOLICON.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188} : NameServer = 192.168.1.254
TCP: Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKslfcfd8f12;MpKslfcfd8f12;c:\programdata\microsoft\microsoft antimalware\definition updates\{e2e281e0-1545-4b30-9efb-ae982030b6a7}\MpKslfcfd8f12.sys [2012-1-3 29904]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 366152]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2010-11-29 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-2-16 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-2-16 812544]
S1 MpKsld30579c1;MpKsld30579c1;c:\programdata\microsoft\microsoft antimalware\definition updates\{e2e281e0-1545-4b30-9efb-ae982030b6a7}\MpKsld30579c1.sys [2012-1-2 29904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\system32\svchost.exe -k Sqlses [2008-1-20 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2010-11-29 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2010-11-29 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2010-11-29 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-2-16 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-2-16 79136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-03 20:36:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2e281e0-1545-4b30-9efb-ae982030b6a7}\MpKslfcfd8f12.sys
2012-01-03 20:36:47 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2e281e0-1545-4b30-9efb-ae982030b6a7}\offreg.dll
2012-01-03 00:59:18 -------- d-sh--w- C:\found.001
2012-01-03 00:35:15 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2e281e0-1545-4b30-9efb-ae982030b6a7}\mpengine.dll
2011-12-27 20:28:19 -------- d-----w- c:\program files\Application Updater
2011-12-27 20:28:16 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-27 20:28:16 -------- d-----w- c:\program files\common files\Spigot
2011-12-27 17:25:46 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-27 17:25:46 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-27 17:25:44 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-12-10 21:01:27 -------- d-----w- c:\program files\Microsoft WSE
2011-12-06 02:59:07 -------- d-----w- c:\program files\BBLACK
.
==================== Find3M ====================
.
2011-10-10 23:30:24 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-10 23:30:23 88 --sh--r- c:\windows\system32\F1B419F270.sys
.
============= FINISH: 14:48:21.22 ===============
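As an added example (not from xcharger's post, not part of DDS, and not written by anyone in this thread), the following Python script parses the "Pseudo HJT Report" lines DDS prints and raises review prompts for the settings a responder would look at first in a log like the one above: the Internet Explorer proxy pointing at 127.0.0.1, the AppInit_DLLs entry, the empty mRun entry, and the list of browser add-ons. The rule names, the SAMPLE_DDS subset and the prompt wording are this example's own choices; a prompt means the setting deserves a look, not that it is malicious.

```python
"""Review helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of DDS or of any post here.
It parses the "key = value" and "Kind: detail" lines DDS prints and raises
review prompts for settings a responder would want to look at first.
A prompt means "look at this", not "this is malware".
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the DDS log above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:61535
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.9\youtubedownloaderToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
mRun: [<NO NAME>]
TCP: DhcpNameServer = 192.168.1.254
AppInit_DLLs: acaptuser32.dll
"""

Record = Tuple[str, str, str]  # (kind, key, value)


def parse_line(line: str) -> Optional[Record]:
    """Split one DDS line into (kind, key, value); None for blanks and '.' separators."""
    line = line.strip()
    if not line or line == ".":
        return None
    if " = " in line:                       # registry-style setting
        key, value = line.split(" = ", 1)
        return ("setting", key.strip(), value.strip())
    if ": " in line:                        # BHO:, TB:, mRun:, AppInit_DLLs: ...
        kind, rest = line.split(": ", 1)
        return ("entry", kind.strip(), rest.strip())
    return ("other", "", line)


def _is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                      # a hostname, not an address
        return False


def _is_private_dns(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (rule_id, offending_line) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        kind, key, value = rec
        if kind == "setting" and key.endswith("ProxyServer"):
            # "http=127.0.0.1:61535" -> "127.0.0.1"; a browser proxy on the
            # loopback interface means some local process sits in the HTTP path.
            host = value.split("=")[-1].split(":")[0]
            if _is_loopback(host):
                findings.append(("loopback-proxy", raw.strip()))
        elif kind == "setting" and key.endswith("NameServer"):
            # A resolver outside private address space on a home LAN deserves a look.
            if not _is_private_dns(value.split()[0]):
                findings.append(("public-dns", raw.strip()))
        elif kind == "entry" and key == "AppInit_DLLs" and value:
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(("appinit-dll", raw.strip()))
        elif kind == "entry" and key in ("uRun", "mRun") and re.fullmatch(r"\[[^\]]*\]", value):
            # A Run entry with a name but no command behind it.
            findings.append(("empty-run-entry", raw.strip()))
    return findings


def browser_addons(text: str) -> List[str]:
    """Names of IE add-ons (BHO, toolbar, URL search hook) for a publisher check."""
    names: List[str] = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec and rec[0] == "entry" and rec[1] in ("BHO", "TB", "uURLSearchHooks"):
            names.append(rec[2].split(": {", 1)[0])
    return names


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"{rule:16} {line}")
    print("add-ons:", browser_addons(SAMPLE_DDS))
```

On the sample it reports the loopback proxy, the empty Run entry and the AppInit_DLLs entry, and lists the two add-ons for a publisher check. The DNS rule stays silent here because 192.168.1.254 is a private address; it is included so the same script is useful on logs where the resolver has been changed.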



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 January 2012 - 01:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:27 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 xcharger

xcharger
  • Topic Starter

  • Members
  • 15 posts

Posted 12 January 2012 - 12:40 AM

I tried to run ComboFix but it does not work. When I start it, it says that PING.exe is not a valid Win32 application or something, then it says access denied. And it starts running the scan. But after 2 hours of "scanning" nothing happens. And unfortunately I cannot leave my laptop on overnight. I shall try again tomorrow and let it scan longer; I don't know why it takes so long.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 January 2012 - 12:45 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

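The TDSSKiller report the instructions above ask for is long (one inventory line and one verdict line per driver), so an added example follows: a Python summariser, written for this page and not part of TDSSKiller or of any post in the thread, that groups those lines by driver and separates the "- ok" verdicts from the flagged ones. The SAMPLE_TDSS lines are copied from the report xcharger posts later in the thread; the line patterns are taken from that report, and the output layout is this example's own.

```python
"""Summarise a TDSSKiller report: which drivers it checked and which it flagged.

Added example for this thread; it is not TDSSKiller's own code and not from
any post here. It reads the per-driver lines the tool prints (an inventory
line with MD5 and path, then a verdict line) and groups them by driver name.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_TDSS = r"""
18:52:55.0387 4984 Scan started
18:52:55.0387 4984 Mode: Manual;
18:52:55.0906 4984 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:52:55.0912 4984 ACPI - ok
18:52:56.0329 4984 AFD (6256205c5d12e408e2aff09726c19f51) C:\Windows\system32\drivers\afd.sys
18:52:56.0336 4984 AFD ( Rootkit.Win32.ZAccess.k ) - infected
18:52:56.0336 4984 AFD - detected Rootkit.Win32.ZAccess.k (0)
18:52:56.0435 4984 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:52:56.0437 4984 agp440 - ok
18:52:58.0053 4984 catchme - ok
"""

# Every line starts with "HH:MM:SS.ffff PID"; the rest is the message.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
_INVENTORY = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")   # "AFD (md5) C:\...\afd.sys"
_OK = re.compile(r"^(\S+) - ok$")
_VERDICT = re.compile(r"^(\S+) \( (.+?) \) - (\w+)$")          # "AFD ( Rootkit... ) - infected"
_DETECTED = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")   # "AFD - detected Rootkit... (0)"


def summarize(log: str) -> Dict[str, object]:
    """Return {"ok": [driver names], "flagged": {driver: {threat, status, md5, path}}}."""
    inventory: Dict[str, Dict[str, str]] = {}   # driver -> {md5, path} from inventory lines
    ok: List[str] = []
    flagged: Dict[str, Dict[str, str]] = {}
    for raw in log.splitlines():
        pre = _PREFIX.match(raw.strip())
        if not pre:
            continue                              # banner and separator lines
        msg = pre.group(1)
        inv = _INVENTORY.match(msg)
        if inv:
            name, md5, path = inv.groups()
            inventory[name] = {"md5": md5, "path": path}
            continue
        okm = _OK.match(msg)
        if okm:
            ok.append(okm.group(1))
            continue
        ver = _VERDICT.match(msg)
        if ver:
            name, threat, status = ver.groups()
            flagged[name] = {"threat": threat, "status": status, **inventory.get(name, {})}
            continue
        det = _DETECTED.match(msg)
        if det:
            # Secondary "detected" line; keep the verdict already recorded if there is one.
            name, threat = det.groups()
            flagged.setdefault(name, {"threat": threat, "status": "detected", **inventory.get(name, {})})
    return {"ok": ok, "flagged": flagged}


if __name__ == "__main__":
    result = summarize(SAMPLE_TDSS)
    print(f"{len(result['ok'])} drivers ok")
    for name, info in result["flagged"].items():
        print(f"{name}: {info['status']} as {info['threat']} "
              f"({info.get('path', '?')}, md5 {info.get('md5', '?')})")
```

On the sample this reports three drivers as ok and one flagged entry: AFD, the Windows ancillary function driver at C:\Windows\system32\drivers\afd.sys, with the threat name and MD5 carried over from the report so they can be pasted into a reply without hunting through the full log.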

#6 xcharger

xcharger
  • Topic Starter

  • Members
  • 15 posts

Posted 12 January 2012 - 08:10 PM

I have not re-run ComboFix.


Here is the TDSSKILLER file:

18:52:49.0011 5900 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
18:52:49.0766 5900 ============================================================
18:52:49.0766 5900 Current date / time: 2012/01/12 18:52:49.0766
18:52:49.0766 5900 SystemInfo:
18:52:49.0766 5900
18:52:49.0766 5900 OS Version: 6.0.6001 ServicePack: 1.0
18:52:49.0766 5900 Product type: Workstation
18:52:49.0767 5900 ComputerName: ADMIN-PC
18:52:49.0767 5900 UserName: admin
18:52:49.0767 5900 Windows directory: C:\Windows
18:52:49.0767 5900 System windows directory: C:\Windows
18:52:49.0767 5900 Processor architecture: Intel x86
18:52:49.0767 5900 Number of processors: 2
18:52:49.0767 5900 Page size: 0x1000
18:52:49.0767 5900 Boot type: Normal boot
18:52:49.0767 5900 ============================================================
18:52:50.0933 5900 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
18:52:51.0046 5900 Initialize success
18:52:55.0387 4984 ============================================================
18:52:55.0387 4984 Scan started
18:52:55.0387 4984 Mode: Manual;
18:52:55.0387 4984 ============================================================
18:52:55.0906 4984 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:52:55.0912 4984 ACPI - ok
18:52:56.0010 4984 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:52:56.0019 4984 adp94xx - ok
18:52:56.0111 4984 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:52:56.0117 4984 adpahci - ok
18:52:56.0177 4984 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:52:56.0179 4984 adpu160m - ok
18:52:56.0230 4984 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:52:56.0234 4984 adpu320 - ok
18:52:56.0329 4984 AFD (6256205c5d12e408e2aff09726c19f51) C:\Windows\system32\drivers\afd.sys
18:52:56.0336 4984 AFD ( Rootkit.Win32.ZAccess.k ) - infected
18:52:56.0336 4984 AFD - detected Rootkit.Win32.ZAccess.k (0)
18:52:56.0435 4984 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:52:56.0437 4984 agp440 - ok
18:52:56.0493 4984 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:52:56.0495 4984 aic78xx - ok
18:52:56.0528 4984 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:52:56.0529 4984 aliide - ok
18:52:56.0573 4984 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:52:56.0575 4984 amdagp - ok
18:52:56.0610 4984 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:52:56.0611 4984 amdide - ok
18:52:56.0646 4984 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:52:56.0647 4984 AmdK7 - ok
18:52:56.0675 4984 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:52:56.0677 4984 AmdK8 - ok
18:52:56.0788 4984 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:52:56.0791 4984 ApfiltrService - ok
18:52:56.0987 4984 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:52:56.0990 4984 arc - ok
18:52:57.0042 4984 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:52:57.0044 4984 arcsas - ok
18:52:57.0118 4984 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:57.0120 4984 AsyncMac - ok
18:52:57.0172 4984 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:52:57.0174 4984 atapi - ok
18:52:57.0259 4984 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
18:52:57.0305 4984 athr - ok
18:52:57.0455 4984 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:52:57.0455 4984 Beep - ok
18:52:57.0491 4984 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:52:57.0493 4984 blbdrive - ok
18:52:57.0555 4984 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
18:52:57.0557 4984 bowser - ok
18:52:57.0627 4984 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:52:57.0629 4984 BrFiltLo - ok
18:52:57.0647 4984 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:52:57.0649 4984 BrFiltUp - ok
18:52:57.0758 4984 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:52:57.0760 4984 Brserid - ok
18:52:57.0812 4984 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:52:57.0814 4984 BrSerWdm - ok
18:52:57.0880 4984 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:52:57.0881 4984 BrUsbMdm - ok
18:52:57.0908 4984 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:52:57.0909 4984 BrUsbSer - ok
18:52:57.0992 4984 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:52:57.0994 4984 BTHMODEM - ok
18:52:58.0053 4984 catchme - ok
18:52:58.0112 4984 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:52:58.0114 4984 cdfs - ok
18:52:58.0165 4984 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:52:58.0167 4984 cdrom - ok
18:52:58.0238 4984 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:52:58.0240 4984 circlass - ok
18:52:58.0276 4984 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:52:58.0282 4984 CLFS - ok
18:52:58.0381 4984 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:52:58.0382 4984 CmBatt - ok
18:52:58.0414 4984 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:52:58.0415 4984 cmdide - ok
18:52:58.0493 4984 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:52:58.0494 4984 Compbatt - ok
18:52:58.0569 4984 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:52:58.0571 4984 crcdisk - ok
18:52:58.0609 4984 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:52:58.0610 4984 Crusoe - ok
18:52:58.0692 4984 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
18:52:58.0694 4984 DfsC - ok
18:52:58.0840 4984 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:52:58.0842 4984 disk - ok
18:52:58.0904 4984 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
18:52:58.0905 4984 DMICall - ok
18:52:58.0956 4984 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:52:58.0958 4984 drmkaud - ok
18:52:59.0052 4984 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:52:59.0064 4984 DXGKrnl - ok
18:52:59.0100 4984 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:52:59.0103 4984 E1G60 - ok
18:52:59.0136 4984 EagleXNt - ok
18:52:59.0225 4984 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:52:59.0229 4984 Ecache - ok
18:52:59.0362 4984 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:52:59.0371 4984 elxstor - ok
18:52:59.0427 4984 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:52:59.0428 4984 ErrDev - ok
18:52:59.0522 4984 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
18:52:59.0526 4984 exfat - ok
18:52:59.0579 4984 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
18:52:59.0581 4984 fastfat - ok
18:52:59.0676 4984 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:52:59.0678 4984 fdc - ok
18:52:59.0747 4984 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:52:59.0749 4984 FileInfo - ok
18:52:59.0806 4984 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:52:59.0807 4984 Filetrace - ok
18:52:59.0880 4984 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:52:59.0882 4984 flpydisk - ok
18:52:59.0938 4984 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
18:52:59.0943 4984 FltMgr - ok
18:52:59.0997 4984 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:52:59.0998 4984 Fs_Rec - ok
18:53:00.0049 4984 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:53:00.0051 4984 gagp30kx - ok
18:53:00.0109 4984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:53:00.0110 4984 GEARAspiWDM - ok
18:53:00.0172 4984 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:53:00.0177 4984 HdAudAddService - ok
18:53:00.0224 4984 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:53:00.0225 4984 HDAudBus - ok
18:53:00.0290 4984 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:53:00.0291 4984 HidBth - ok
18:53:00.0319 4984 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:53:00.0321 4984 HidIr - ok
18:53:00.0383 4984 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:53:00.0384 4984 HidUsb - ok
18:53:00.0445 4984 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:53:00.0447 4984 HpCISSs - ok
18:53:00.0505 4984 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:53:00.0510 4984 HSFHWAZL - ok
18:53:00.0635 4984 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:53:00.0680 4984 HSF_DPV - ok
18:53:00.0767 4984 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:53:00.0771 4984 HSXHWAZL - ok
18:53:00.0842 4984 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
18:53:00.0850 4984 HTTP - ok
18:53:00.0948 4984 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:53:00.0950 4984 i2omp - ok
18:53:01.0014 4984 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:53:01.0016 4984 i8042prt - ok
18:53:01.0082 4984 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
18:53:01.0085 4984 iaStor - ok
18:53:01.0159 4984 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:53:01.0165 4984 iaStorV - ok
18:53:01.0327 4984 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:53:01.0405 4984 igfx - ok
18:53:01.0477 4984 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:53:01.0480 4984 iirsp - ok
18:53:01.0680 4984 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
18:53:01.0747 4984 IntcAzAudAddService - ok
18:53:01.0842 4984 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:53:01.0843 4984 intelide - ok
18:53:01.0909 4984 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:53:01.0911 4984 intelppm - ok
18:53:01.0981 4984 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:01.0982 4984 IpFilterDriver - ok
18:53:02.0032 4984 IpInIp - ok
18:53:02.0096 4984 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:53:02.0098 4984 IPMIDRV - ok
18:53:02.0150 4984 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:53:02.0153 4984 IPNAT - ok
18:53:02.0219 4984 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:53:02.0220 4984 IRENUM - ok
18:53:02.0271 4984 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:53:02.0274 4984 isapnp - ok
18:53:02.0343 4984 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
18:53:02.0347 4984 iScsiPrt - ok
18:53:02.0401 4984 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:53:02.0403 4984 iteatapi - ok
18:53:02.0441 4984 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:53:02.0442 4984 iteraid - ok
18:53:02.0518 4984 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:02.0519 4984 kbdclass - ok
18:53:02.0600 4984 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:53:02.0601 4984 kbdhid - ok
18:53:02.0691 4984 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
18:53:02.0725 4984 KSecDD - ok
18:53:02.0792 4984 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:53:02.0794 4984 lltdio - ok
18:53:02.0858 4984 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:53:02.0861 4984 LSI_FC - ok
18:53:02.0920 4984 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:53:02.0922 4984 LSI_SAS - ok
18:53:02.0953 4984 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:53:02.0956 4984 LSI_SCSI - ok
18:53:02.0991 4984 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:53:02.0994 4984 luafv - ok
18:53:03.0064 4984 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:53:03.0065 4984 MBAMProtector - ok
18:53:03.0357 4984 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:53:03.0358 4984 mdmxsdk - ok
18:53:03.0468 4984 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:53:03.0469 4984 megasas - ok
18:53:03.0508 4984 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:53:03.0515 4984 MegaSR - ok
18:53:03.0632 4984 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:53:03.0634 4984 Modem - ok
18:53:03.0706 4984 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:53:03.0708 4984 monitor - ok
18:53:03.0757 4984 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:53:03.0758 4984 mouclass - ok
18:53:03.0816 4984 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:53:03.0817 4984 mouhid - ok
18:53:03.0870 4984 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:53:03.0871 4984 MountMgr - ok
18:53:03.0950 4984 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
18:53:03.0954 4984 MpFilter - ok
18:53:04.0026 4984 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:53:04.0030 4984 mpio - ok
18:53:04.0152 4984 MpKsl000b3769 - ok
18:53:04.0179 4984 MpKsl011b7d7b - ok
18:53:04.0198 4984 MpKsl02982c1f - ok
18:53:04.0244 4984 MpKsl08be3f40 - ok
18:53:04.0279 4984 MpKsl090630d3 - ok
18:53:04.0289 4984 MpKsl0c21a57a - ok
18:53:04.0362 4984 MpKsl0d2c31cc (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00606C6C-D300-4C40-B114-6FB9DAA78EBE}\MpKsl0d2c31cc.sys
18:53:04.0363 4984 MpKsl0d2c31cc - ok
18:53:04.0405 4984 MpKsl0e703144 - ok
18:53:04.0452 4984 MpKsl10489e05 - ok
18:53:04.0464 4984 MpKsl18f5749e - ok
18:53:04.0485 4984 MpKsl1b80fdce - ok
18:53:04.0501 4984 MpKsl1bc48fc9 - ok
18:53:04.0534 4984 MpKsl1c71f16a - ok
18:53:04.0544 4984 MpKsl1e2b0651 - ok
18:53:04.0554 4984 MpKsl1f39117b - ok
18:53:04.0593 4984 MpKsl1f71d935 - ok
18:53:04.0601 4984 MpKsl236c5ec7 - ok
18:53:04.0613 4984 MpKsl27f6d25b - ok
18:53:04.0622 4984 MpKsl29c33bfa - ok
18:53:04.0652 4984 MpKsl2a11e48a - ok
18:53:04.0669 4984 MpKsl392635df - ok
18:53:04.0706 4984 MpKsl3e5eac98 - ok
18:53:04.0728 4984 MpKsl3f0a4399 - ok
18:53:04.0745 4984 MpKsl4588d5a8 - ok
18:53:04.0798 4984 MpKsl4d1048b4 - ok
18:53:04.0808 4984 MpKsl4d3ed05f - ok
18:53:04.0819 4984 MpKsl5016881e - ok
18:53:04.0829 4984 MpKsl50d85278 - ok
18:53:04.0858 4984 MpKsl52f49b1b - ok
18:53:04.0869 4984 MpKsl53841e5b - ok
18:53:04.0880 4984 MpKsl59611c4a - ok
18:53:04.0949 4984 MpKsl5b037019 - ok
18:53:04.0962 4984 MpKsl60db9781 - ok
18:53:04.0967 4984 MpKsl60dcd177 - ok
18:53:04.0980 4984 MpKsl6457271e - ok
18:53:04.0986 4984 MpKsl6d713c49 - ok
18:53:04.0999 4984 MpKsl705ad1ff - ok
18:53:05.0028 4984 MpKsl71711e4d - ok
18:53:05.0036 4984 MpKsl721f8e9a - ok
18:53:05.0047 4984 MpKsl726df943 - ok
18:53:05.0055 4984 MpKsl76caa3b3 - ok
18:53:05.0066 4984 MpKsl77dddbf1 - ok
18:53:05.0093 4984 MpKsl7b109051 - ok
18:53:05.0115 4984 MpKsl7c1a5167 - ok
18:53:05.0135 4984 MpKsl7fa92868 - ok
18:53:05.0148 4984 MpKsl7fbe0986 - ok
18:53:05.0156 4984 MpKsl82128020 - ok
18:53:05.0170 4984 MpKsl86ef55cc - ok
18:53:05.0183 4984 MpKsl884437b5 - ok
18:53:05.0197 4984 MpKsl888977fd - ok
18:53:05.0206 4984 MpKsl8ce3a64f - ok
18:53:05.0240 4984 MpKsl8d4fba1f - ok
18:53:05.0316 4984 MpKsl8fe85a0f - ok
18:53:05.0354 4984 MpKsl9c012c33 - ok
18:53:05.0385 4984 MpKsl9d4bbbfd - ok
18:53:05.0399 4984 MpKsl9e216790 - ok
18:53:05.0452 4984 MpKsla0e604a8 - ok
18:53:05.0482 4984 MpKsla4e2dd13 - ok
18:53:05.0520 4984 MpKsla61feb58 - ok
18:53:05.0532 4984 MpKsla6e4248a - ok
18:53:05.0540 4984 MpKsla9000dbf - ok
18:53:05.0585 4984 MpKsla93fa17a - ok
18:53:05.0649 4984 MpKslad345a35 - ok
18:53:05.0682 4984 MpKslaf703eda - ok
18:53:05.0696 4984 MpKslaf9812be - ok
18:53:05.0719 4984 MpKslb16f175d - ok
18:53:05.0738 4984 MpKslb21cbca7 - ok
18:53:05.0776 4984 MpKslb3a7e6dd - ok
18:53:05.0785 4984 MpKslb6fe1028 - ok
18:53:05.0797 4984 MpKslb73dceb0 - ok
18:53:05.0815 4984 MpKslb91cb9b9 - ok
18:53:05.0871 4984 MpKslbb3a59bd - ok
18:53:05.0897 4984 MpKslbb4fc802 - ok
18:53:05.0913 4984 MpKslbea85314 - ok
18:53:05.0924 4984 MpKslbf54af96 - ok
18:53:05.0934 4984 MpKslc0719c45 - ok
18:53:05.0946 4984 MpKslc2366934 - ok
18:53:05.0953 4984 MpKslc33e2d81 - ok
18:53:05.0966 4984 MpKslc412383f - ok
18:53:05.0996 4984 MpKslc847de27 - ok
18:53:06.0006 4984 MpKslc86e8d04 - ok
18:53:06.0035 4984 MpKslc90dc697 - ok
18:53:06.0066 4984 MpKslca7b5ea5 - ok
18:53:06.0092 4984 MpKslcab4118b - ok
18:53:06.0113 4984 MpKslcade436b - ok
18:53:06.0119 4984 MpKslcb181269 - ok
18:53:06.0130 4984 MpKslcc751b2a - ok
18:53:06.0140 4984 MpKsld150870b - ok
18:53:06.0151 4984 MpKsld30579c1 - ok
18:53:06.0185 4984 MpKsld6ca4724 - ok
18:53:06.0197 4984 MpKsld6fbe507 - ok
18:53:06.0228 4984 MpKsldfcb430f - ok
18:53:06.0242 4984 MpKsle0a2676b - ok
18:53:06.0255 4984 MpKsle80b32da - ok
18:53:06.0288 4984 MpKsleb387a5e - ok
18:53:06.0306 4984 MpKslefaf94df - ok
18:53:06.0319 4984 MpKslf00159bd - ok
18:53:06.0335 4984 MpKslf7f34645 - ok
18:53:06.0347 4984 MpKslf92d0dc0 - ok
18:53:06.0356 4984 MpKslfa7565a7 - ok
18:53:06.0370 4984 MpKslfc20baf7 - ok
18:53:06.0811 4984 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:53:06.0830 4984 MpNWMon - ok
18:53:06.0948 4984 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:53:06.0950 4984 mpsdrv - ok
18:53:07.0029 4984 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:53:07.0037 4984 Mraid35x - ok
18:53:07.0128 4984 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
18:53:07.0165 4984 MRxDAV - ok
18:53:07.0433 4984 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:07.0448 4984 mrxsmb - ok
18:53:07.0629 4984 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:07.0663 4984 mrxsmb10 - ok
18:53:07.0760 4984 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:07.0776 4984 mrxsmb20 - ok
18:53:07.0829 4984 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:53:07.0845 4984 msahci - ok
18:53:07.0910 4984 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:53:07.0923 4984 msdsm - ok
18:53:08.0052 4984 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:53:08.0054 4984 Msfs - ok
18:53:08.0120 4984 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:53:08.0122 4984 msisadrv - ok
18:53:08.0207 4984 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:53:08.0208 4984 MSKSSRV - ok
18:53:08.0267 4984 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:08.0268 4984 MSPCLOCK - ok
18:53:08.0312 4984 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:53:08.0314 4984 MSPQM - ok
18:53:08.0363 4984 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
18:53:08.0367 4984 MsRPC - ok
18:53:08.0398 4984 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:53:08.0399 4984 mssmbios - ok
18:53:08.0442 4984 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:53:08.0443 4984 MSTEE - ok
18:53:08.0465 4984 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
18:53:08.0467 4984 Mup - ok
18:53:08.0575 4984 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
18:53:08.0579 4984 NativeWifiP - ok
18:53:08.0662 4984 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
18:53:08.0675 4984 NDIS - ok
18:53:08.0718 4984 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:08.0720 4984 NdisTapi - ok
18:53:08.0757 4984 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:08.0758 4984 Ndisuio - ok
18:53:08.0815 4984 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:08.0818 4984 NdisWan - ok
18:53:08.0864 4984 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:53:08.0867 4984 NDProxy - ok
18:53:08.0922 4984 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:53:08.0924 4984 NetBIOS - ok
18:53:08.0983 4984 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
18:53:08.0988 4984 netbt - ok
18:53:09.0283 4984 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:53:09.0361 4984 NETw3v32 - ok
18:53:09.0488 4984 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
18:53:09.0580 4984 NETw4v32 - ok
18:53:09.0702 4984 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:53:09.0703 4984 nfrd960 - ok
18:53:09.0777 4984 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:53:09.0779 4984 NisDrv - ok
18:53:09.0877 4984 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
18:53:09.0907 4984 Npfs - ok
18:53:09.0983 4984 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:53:09.0984 4984 nsiproxy - ok
18:53:10.0113 4984 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
18:53:10.0159 4984 Ntfs - ok
18:53:10.0270 4984 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:53:10.0271 4984 ntrigdigi - ok
18:53:10.0334 4984 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:53:10.0335 4984 Null - ok
18:53:10.0415 4984 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:53:10.0419 4984 nvraid - ok
18:53:10.0458 4984 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:53:10.0460 4984 nvstor - ok
18:53:10.0501 4984 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:53:10.0504 4984 nv_agp - ok
18:53:10.0520 4984 NwlnkFlt - ok
18:53:10.0538 4984 NwlnkFwd - ok
18:53:10.0600 4984 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:53:10.0602 4984 ohci1394 - ok
18:53:10.0675 4984 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:53:10.0677 4984 Parport - ok
18:53:10.0712 4984 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
18:53:10.0716 4984 partmgr - ok
18:53:10.0780 4984 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:53:10.0782 4984 Parvdm - ok
18:53:10.0822 4984 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
18:53:10.0826 4984 pci - ok
18:53:10.0857 4984 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
18:53:10.0859 4984 pciide - ok
18:53:10.0929 4984 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:53:10.0934 4984 pcmcia - ok
18:53:11.0021 4984 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:53:11.0066 4984 PEAUTH - ok
18:53:11.0211 4984 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:53:11.0214 4984 PptpMiniport - ok
18:53:11.0268 4984 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:53:11.0270 4984 Processor - ok
18:53:11.0360 4984 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
18:53:11.0362 4984 PSched - ok
18:53:11.0403 4984 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:53:11.0405 4984 PxHelp20 - ok
18:53:11.0512 4984 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:53:11.0568 4984 ql2300 - ok
18:53:11.0683 4984 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:53:11.0686 4984 ql40xx - ok
18:53:11.0742 4984 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:53:11.0743 4984 QWAVEdrv - ok
18:53:11.0809 4984 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:53:11.0810 4984 RasAcd - ok
18:53:11.0847 4984 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:11.0850 4984 Rasl2tp - ok
18:53:11.0908 4984 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:11.0910 4984 RasPppoe - ok
18:53:11.0964 4984 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
18:53:11.0968 4984 RasSstp - ok
18:53:12.0029 4984 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
18:53:12.0034 4984 rdbss - ok
18:53:12.0101 4984 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:12.0103 4984 RDPCDD - ok
18:53:12.0178 4984 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:53:12.0183 4984 rdpdr - ok
18:53:12.0227 4984 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:53:12.0229 4984 RDPENCDD - ok
18:53:12.0287 4984 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
18:53:12.0291 4984 RDPWD - ok
18:53:12.0331 4984 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
18:53:12.0332 4984 regi - ok
18:53:12.0396 4984 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:53:12.0397 4984 rspndr - ok
18:53:12.0435 4984 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:53:12.0438 4984 sbp2port - ok
18:53:12.0504 4984 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:53:12.0505 4984 secdrv - ok
18:53:12.0585 4984 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:53:12.0586 4984 Serenum - ok
18:53:12.0660 4984 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:53:12.0662 4984 Serial - ok
18:53:12.0711 4984 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:53:12.0713 4984 sermouse - ok
18:53:12.0788 4984 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
18:53:12.0789 4984 SFEP - ok
18:53:12.0840 4984 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:53:12.0841 4984 sffdisk - ok
18:53:12.0878 4984 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:53:12.0879 4984 sffp_mmc - ok
18:53:12.0903 4984 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:53:12.0905 4984 sffp_sd - ok
18:53:12.0962 4984 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:53:12.0964 4984 sfloppy - ok
18:53:13.0052 4984 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:53:13.0054 4984 sisagp - ok
18:53:13.0114 4984 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:53:13.0116 4984 SiSRaid2 - ok
18:53:13.0180 4984 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:53:13.0182 4984 SiSRaid4 - ok
18:53:13.0250 4984 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
18:53:13.0252 4984 Smb - ok
18:53:13.0319 4984 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:53:13.0321 4984 spldr - ok
18:53:13.0374 4984 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys
18:53:13.0374 4984 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
18:53:13.0376 4984 sptd ( LockedFile.Multi.Generic ) - warning
18:53:13.0376 4984 sptd - detected LockedFile.Multi.Generic (1)
18:53:13.0508 4984 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
18:53:13.0515 4984 srv - ok
18:53:13.0586 4984 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
18:53:13.0590 4984 srv2 - ok
18:53:13.0614 4984 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
18:53:13.0617 4984 srvnet - ok
18:53:13.0746 4984 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:53:13.0748 4984 swenum - ok
18:53:13.0849 4984 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:53:13.0851 4984 Symc8xx - ok
18:53:13.0905 4984 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:53:13.0907 4984 Sym_hi - ok
18:53:13.0968 4984 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:53:13.0970 4984 Sym_u3 - ok
18:53:14.0104 4984 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
18:53:14.0148 4984 Tcpip - ok
18:53:14.0238 4984 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
18:53:14.0246 4984 Tcpip6 - ok
18:53:14.0292 4984 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
18:53:14.0294 4984 tcpipreg - ok
18:53:14.0348 4984 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:53:14.0348 4984 TDPIPE - ok
18:53:14.0411 4984 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:53:14.0413 4984 TDTCP - ok
18:53:14.0460 4984 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
18:53:14.0462 4984 tdx - ok
18:53:14.0486 4984 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
18:53:14.0488 4984 TermDD - ok
18:53:14.0605 4984 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
18:53:14.0649 4984 ti21sony - ok
18:53:14.0718 4984 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:14.0720 4984 tssecsrv - ok
18:53:14.0752 4984 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:53:14.0754 4984 tunmp - ok
18:53:14.0772 4984 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
18:53:14.0774 4984 tunnel - ok
18:53:14.0817 4984 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:53:14.0820 4984 uagp35 - ok
18:53:14.0869 4984 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
18:53:14.0875 4984 udfs - ok
18:53:14.0915 4984 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:53:14.0917 4984 uliagpkx - ok
18:53:14.0956 4984 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:53:14.0961 4984 uliahci - ok
18:53:15.0027 4984 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:53:15.0029 4984 UlSata - ok
18:53:15.0086 4984 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:53:15.0089 4984 ulsata2 - ok
18:53:15.0119 4984 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:53:15.0121 4984 umbus - ok
18:53:15.0185 4984 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:53:15.0187 4984 USBAAPL - ok
18:53:15.0243 4984 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:15.0246 4984 usbccgp - ok
18:53:15.0288 4984 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:53:15.0290 4984 usbcir - ok
18:53:15.0430 4984 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
18:53:15.0432 4984 usbehci - ok
18:53:15.0504 4984 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
18:53:15.0508 4984 usbhub - ok
18:53:15.0610 4984 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:53:15.0612 4984 usbohci - ok
18:53:15.0673 4984 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:53:15.0675 4984 usbprint - ok
18:53:15.0754 4984 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:53:15.0756 4984 usbscan - ok
18:53:15.0853 4984 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:15.0855 4984 USBSTOR - ok
18:53:15.0908 4984 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:53:15.0910 4984 usbuhci - ok
18:53:16.0191 4984 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:16.0193 4984 vga - ok
18:53:16.0224 4984 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:53:16.0225 4984 VgaSave - ok
18:53:16.0262 4984 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:53:16.0264 4984 viaagp - ok
18:53:16.0318 4984 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:53:16.0321 4984 ViaC7 - ok
18:53:16.0375 4984 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:53:16.0378 4984 viaide - ok
18:53:16.0447 4984 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:53:16.0450 4984 volmgr - ok
18:53:16.0516 4984 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
18:53:16.0522 4984 volmgrx - ok
18:53:16.0589 4984 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
18:53:16.0594 4984 volsnap - ok
18:53:16.0657 4984 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:53:16.0660 4984 vsmraid - ok
18:53:16.0767 4984 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:53:16.0769 4984 WacomPen - ok
18:53:16.0819 4984 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:16.0822 4984 Wanarp - ok
18:53:16.0829 4984 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:16.0830 4984 Wanarpv6 - ok
18:53:16.0873 4984 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:53:16.0875 4984 Wd - ok
18:53:16.0918 4984 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:53:16.0929 4984 Wdf01000 - ok
18:53:17.0072 4984 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
18:53:17.0076 4984 WimFltr - ok
18:53:17.0181 4984 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:53:17.0227 4984 winachsf - ok
18:53:17.0334 4984 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:53:17.0336 4984 WmiAcpi - ok
18:53:17.0475 4984 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:53:17.0477 4984 WpdUsb - ok
18:53:17.0537 4984 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:53:17.0539 4984 ws2ifsl - ok
18:53:17.0660 4984 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:17.0663 4984 WUDFRd - ok
18:53:17.0741 4984 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:53:17.0743 4984 XAudio - ok
18:53:17.0809 4984 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
18:53:17.0811 4984 xusb21 - ok
18:53:17.0875 4984 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
18:53:17.0880 4984 yukonwlh - ok
18:53:17.0919 4984 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:53:17.0980 4984 \Device\Harddisk0\DR0 - ok
18:53:17.0985 4984 Boot (0x1200) (3c03026ac0c253cfbb9b65e690dfe4d8) \Device\Harddisk0\DR0\Partition0
18:53:17.0986 4984 \Device\Harddisk0\DR0\Partition0 - ok
18:53:17.0991 4984 ============================================================
18:53:17.0991 4984 Scan finished
18:53:17.0991 4984 ============================================================
18:53:18.0013 5808 Detected object count: 2
18:53:18.0013 5808 Actual detected object count: 2
18:53:39.0537 5808 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
18:53:44.0362 5808 Backup copy not found, trying to cure infected file..
18:53:44.0399 5808 Cure success, using it..
18:53:44.0459 5808 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
18:53:49.0377 5808 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
18:53:49.0379 5808 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:53:49.0379 5808 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:53:58.0708 3592 Deinitialize success

Edited by xcharger, 12 January 2012 - 08:10 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico

Posted 12 January 2012 - 08:54 PM

Try and rerun it now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 xcharger

xcharger
  • Topic Starter

  • Members
  • 15 posts

Posted 13 January 2012 - 01:00 AM

I cannot use the internet on my laptop anymore. It says "Illegal operations attempted on a registry key that has been marked for deletion." It says this for both Internet Explorer and Google Chrome. I don't know what this means. My laptop seems to be running slower and I'm not even using the internet.

Please help.

EDIT: Restarting my laptop allowed me to use the internet. Does my laptop have many malware/problems wrong with it? I have no clue what condition it is in. Thanks for helping so far, Gringo!



Here's the most current log:

ComboFix 12-01-10.02 - admin 01/12/2012 23:26:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1103 [GMT -6:00]
Running from: c:\users\admin\Downloads\programsss\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 05:43 . 2012-01-13 05:44 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-01-13 05:43 . 2012-01-13 05:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 05:14 . 2012-01-13 05:14 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00606C6C-D300-4C40-B114-6FB9DAA78EBE}\offreg.dll
2012-01-12 05:29 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00606C6C-D300-4C40-B114-6FB9DAA78EBE}\mpengine.dll
2012-01-03 00:59 . 2012-01-03 00:59 -------- d-----w- C:\found.001
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\Application Updater
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-27 17:25 . 2008-10-15 12:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-27 17:25 . 2008-10-15 12:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-27 17:25 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 00:57 . 2011-06-16 20:50 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 21:24 . 2011-06-07 02:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 10:47 . 2010-11-29 17:51 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-475477027-2064296782-3093703003-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-475477027-2064296782-3093703003-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:40]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-475477027-2064296782-3093703003-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:61535
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188}: NameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{AB0C8BE3-041C-47d6-8195-E089D32B38DD} - (no file)
SafeBoot-43290760.sys
AddRemove-AVS4YOU Video Converter 7_is1 - i:\avsvideoconverter\unins000.exe
AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 23:44
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-12 23:51:35
ComboFix-quarantined-files.txt 2012-01-13 05:51
.
Pre-Run: 14,563,510,272 bytes free
Post-Run: 14,616,639,488 bytes free
.
- - End Of File - - FC1FE002D972A74B92B7E18E8E2CCF31

Edited by xcharger, 13 January 2012 - 01:21 AM.


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 02:51 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 xcharger
  • Topic Starter
  • Members
  • 15 posts

Posted 13 January 2012 - 11:49 AM

Hey,
I am now having problems saving things to my hard drive. It says I need Administrator permission to save onto my hard drive, but the thing is I am Admin.
I tried saving CFScript onto my hard drive but it said I need "Administrator permission", then it says "would I like to save on to My Documents instead?" I'd click yes but it says "Cannot Create File, Make sure path and file name is correct".
I had to save onto a USB to make the file. :(

Another problem: Now my laptop needs admin permission to do every single little task like moving / deleting a simple file. And I cannot play any of my installed games anymore, it will say "a problem has occurred, the program will be shut down!"

Please Help!

EDIT: My internet access is very slow, it takes 5 minutes to load a YouTube video and the video is only 3 minutes long!!!!



ComboFix 12-01-10.02 - admin 01/13/2012 10:14:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1073 [GMT -6:00]
Running from: c:\users\admin\Downloads\programsss\ComboFix.exe
Command switches used :: c:\users\admin\Downloads\programsss\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 16:24 . 2012-01-13 16:25 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-01-13 16:24 . 2012-01-13 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 15:46 . 2012-01-13 15:46 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FCA9F72-EF51-4A9E-BAAA-3041EF38FCF9}\MpKsl6674c96b.sys
2012-01-13 15:46 . 2012-01-13 15:46 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FCA9F72-EF51-4A9E-BAAA-3041EF38FCF9}\offreg.dll
2012-01-13 05:53 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FCA9F72-EF51-4A9E-BAAA-3041EF38FCF9}\mpengine.dll
2012-01-03 00:59 . 2012-01-03 00:59 -------- d-----w- C:\found.001
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\Application Updater
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-12-27 20:28 . 2011-12-27 20:28 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-27 17:25 . 2008-10-15 12:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-12-27 17:25 . 2008-10-15 12:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-12-27 17:25 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 00:57 . 2011-06-16 20:50 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 21:24 . 2011-06-07 02:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 10:47 . 2010-11-29 17:51 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-475477027-2064296782-3093703003-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6674C96B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-475477027-2064296782-3093703003-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:40]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-475477027-2064296782-3093703003-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:61535
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7FA4822C-538A-49EB-92B7-2F28F29C0188}: NameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 10:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-13 10:28:13
ComboFix-quarantined-files.txt 2012-01-13 16:28
ComboFix2.txt 2012-01-13 05:51
.
Pre-Run: 15,553,050,624 bytes free
Post-Run: 15,740,305,408 bytes free
.
- - End Of File - - E9A35BD9E2D7EBAAE698603B6487FBA2

Edited by xcharger, 13 January 2012 - 12:18 PM.
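Added example (Python; not ComboFix's code and not something posted in this thread): a small triage pass over the report lines above that lists the loading points a responder would verify first. The sample is constructed from the report in this thread, the line formats are assumed to be exactly as ComboFix prints them, and the function names and rules are my own. The `ProxyServer = http=127.0.0.1:61535` entry is the one that accounts for redirects: with it set, Internet Explorer hands every HTTP request to whatever process listens on that local port before it reaches the network.

```python
"""Triage a ComboFix report for the settings most often behind browser redirects."""
import ipaddress
import re
from typing import List, NamedTuple

# Constructed sample: the relevant lines from the report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:61535
TCP: DhcpNameServer = 192.168.1.254
"""

BOOTEXECUTE_DEFAULT = "autocheck autochk *"   # the only BootExecute entry a stock system has


class Finding(NamedTuple):
    check: str   # which rule fired
    value: str   # the setting as it appears in the report
    note: str    # what to verify


def split_hostport(hostport: str):
    host, sep, port = hostport.rpartition(":")
    return (host, port) if sep else (hostport, "")


def is_local(host: str) -> bool:
    """True for loopback addresses and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def is_private(host: str) -> bool:
    """True for RFC 1918 and loopback addresses, i.e. a resolver on the LAN itself."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""   # registry key whose values are currently being listed
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = re.match(r'^"AppInit_DLLs"=(.+)$', line)
        if m:
            findings.append(Finding("appinit_dlls", m.group(1),
                "loaded into every process that links user32.dll; confirm publisher and hash"))
            continue
        m = re.match(r"^BootExecute REG_MULTI_SZ (.+)$", line)
        if m:
            # ComboFix prints the REG_MULTI_SZ separators as a literal backslash-zero
            for entry in m.group(1).split("\\0"):
                if entry and entry != BOOTEXECUTE_DEFAULT:
                    findings.append(Finding("bootexecute", entry,
                        "runs at boot before the shell and security software; confirm the file"))
            continue
        if (re.match(r'^"DisableMonitoring"=dword:0*1$', line)
                and "security center\\monitoring" in section):
            findings.append(Finding("security_center", section,
                "Security Center alerts for this product are switched off"))
            continue
        m = re.match(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$", line)
        if m:
            for entry in m.group(1).split(";"):
                _scheme, _, hostport = entry.rpartition("=")   # "http=host:port" or "host:port"
                host, _port = split_hostport(hostport)
                note = ("every browser request is handed to a process on this machine first; "
                        "identify what listens on that port" if is_local(host)
                        else "a proxy is configured; confirm the user set it on purpose")
                findings.append(Finding("proxy", entry, note))
            continue
        m = re.match(r"^TCP: .*NameServer\s*=\s*(.+)$", line)
        if m:
            for server in re.split(r"[,\s]+", m.group(1)):
                if server and not is_private(server):
                    findings.append(Finding("dns", server,
                        "resolver outside private address space; confirm it is the ISP's or a known public one"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.check}] {f.value}\n    {f.note}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of a saved ComboFix.txt.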


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 03:18 PM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

@ECHO OFF
cd c:\
REM -s walks every subdirectory of C:\ and lists each junction or symbolic link it finds
junction -s c:\>log.txt
start log.txt
REM the batch file removes itself once the log has been opened
del %0
Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo

#12 xcharger
  • Topic Starter
  • Members
  • 15 posts

Posted 13 January 2012 - 04:33 PM

I have done everything you said. I opened junc.bat and it opened an empty log.txt.

Was it supposed to do that?

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 04:51 PM

Hello

1. make sure junction.exe is on the C drive

2. click on start

3. click on run

4. type CMD into the run box and click on OK

5. copy and paste these lines into the CMD window

cd c:\
junction -s c:\>log.txt
start log.txt

6. wait about 5 min until the report pops up

7. copy and paste this report here

gringo
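Added example (Python; not Sysinternals' code and not something posted in this thread) that reads the `junction -s` report the steps above produce, resolves each reparse point's location through the junctions already listed, merges duplicates and marks a link whose target is its own parent directory. That is what the repeated `Application Data\Application Data\...` entries in the next post are: the junction at `C:\Users\admin\AppData\Local\Application Data` points back at `C:\Users\admin\AppData\Local`, so a recursive walk re-enters it through itself on every pass. The sample is constructed from that report, the line formats are assumed to be as junction v1.06 prints them, and the function names are my own.

```python
"""Parse `junction -s` output: resolve locations, merge duplicates, mark loops."""
import re
from typing import Dict, List, NamedTuple, Tuple
# Constructed sample, cut down from the report posted in this thread.
SAMPLE_OUTPUT = r"""
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

\\?\c:\\Documents and Settings\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

Failed to open \\?\c:\\Documents and Settings\admin\Application Data: Access is denied.

\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local

\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local

\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local
"""
ENTRY_RE = re.compile(r"^\\\\\?\\(.+?): (JUNCTION|SYMBOLIC LINK)$")
FAILED_RE = re.compile(r"^Failed to open \\\\\?\\(.+?): (.+)$")
SUBST_RE = re.compile(r"^Substitute Name:\s*(.+)$")

class Link(NamedTuple):
    path: str     # where the reparse point sits, as junction.exe printed it
    kind: str     # JUNCTION or SYMBOLIC LINK
    target: str   # substitute name without the \??\ prefix

class Finding(NamedTuple):
    location: str   # link path with every earlier-seen junction resolved
    kind: str
    target: str
    loops: bool     # target is the link's own parent or an ancestor of it
    seen: int       # times the recursive scan reached this same link

def clean_path(p: str) -> str:
    p = p.replace("\\\\", "\\")    # junction prints the scan root as c:\\
    if p.startswith("\\??\\"):     # NT object-manager prefix on symlink targets
        p = p[4:]
    return p.rstrip("\\")

def parse_junction_output(text: str) -> Tuple[List[Link], List[str]]:
    links, failed = [], []
    pending = None   # (path, kind) waiting for its Substitute Name line
    for raw in text.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            failed.append(clean_path(m.group(1)))
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending = (clean_path(m.group(1)), m.group(2))
            continue
        m = SUBST_RE.match(line)
        if m and pending:
            links.append(Link(pending[0], pending[1], clean_path(m.group(1))))
            pending = None
    return links, failed

def _under(path: str, root: str) -> bool:
    """True when path equals root or lies below it (case-insensitive)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")

def resolve(path: str, links: List[Link], limit: int = 32) -> str:
    """Rewrite every known reparse point in path to its target, longest prefix first."""
    for _ in range(limit):
        best = None
        for link in links:
            if _under(path, link.path) and (best is None or len(link.path) > len(best.path)):
                best = link
        if best is None:
            break
        path = best.target + path[len(best.path):]
    return path

def summarize(text: str) -> Tuple[Dict[str, Finding], List[str]]:
    links, failed = parse_junction_output(text)
    out: Dict[str, Finding] = {}
    for link in links:
        parent, _, name = link.path.rpartition("\\")
        canon_parent = resolve(parent, links)   # follow junctions above the link, not the link itself
        location = canon_parent + "\\" + name
        prev = out.get(location.lower())
        out[location.lower()] = Finding(location, link.kind, link.target,
                                        _under(canon_parent, link.target),
                                        (prev.seen if prev else 0) + 1)
    return out, failed
```

Entries flagged as loops explain the repetition in the log and are the per-profile compatibility junctions Vista creates, so the distinct non-looping targets are what remains to review.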

#14 xcharger
  • Topic Starter
  • Members
  • 15 posts

Posted 14 January 2012 - 10:59 AM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


\\?\c:\\Documents and Settings\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Documents and Settings\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default


Failed to open \\?\c:\\Documents and Settings\admin\Application Data: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\Cookies: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\Local Settings: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\My Documents: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NetHood: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\ntuser.dat.LOG1: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\ntuser.dat.LOG2: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c055-fc49-11df-9c83-001a80b947c1}.TxR.0.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c055-fc49-11df-9c83-001a80b947c1}.TxR.1.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c055-fc49-11df-9c83-001a80b947c1}.TxR.2.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c055-fc49-11df-9c83-001a80b947c1}.TxR.blf: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c056-fc49-11df-9c83-001a80b947c1}.TM.blf: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c056-fc49-11df-9c83-001a80b947c1}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{39f3c056-fc49-11df-9c83-001a80b947c1}.TMContainer00000000000000000002.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\ntuser.ini: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\PrintHood: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\Recent: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\SendTo: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\Start Menu: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\Templates: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local

Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local

Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.




\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files: Access is denied.


\\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data: JUNCTION
Print Name : C:\Users\admin\AppData\Local
Substitute Name: C:\Users\admin\AppData\Local


Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History: Access is denied.



Failed to open \\?\c:\\Documents and Settings\admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help: Access is denied.




#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 January 2012 - 11:14 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



