ZeroAccess Rootkit Response with failed log update.


This topic is locked
36 replies to this topic

#1 Harvestsmiles

  • Members
  • 22 posts

Posted 14 November 2013 - 10:58 PM

http://www.bleepingcomputer.com/forums/t/513580/zeroaccess-trojan-unable-to-download-any-removal-tools/#entry3203757


Started going through the "Prep Guide" and checked my firewall. It is turned off and I cannot turn it on. I get the errors "Due to an unidentified problem, Windows can not display Windows Firewall Settings" and "Windows Firewall was unable to make the requested updates."


I clicked on the DDS link and tried to download. I get the error "dds.com contained a virus and was deleted." The directions suggest disabling "script-blocking" programs, but I am not sure which those would be or how to go about disabling them. I downloaded TDSSKiller onto a thumb drive, ran it from the thumb drive, and got this log:

2013/11/14 20:50:07.0833 2852 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2013/11/14 20:50:10.0553 2852 ================================================================================
2013/11/14 20:50:10.0553 2852 SystemInfo:
2013/11/14 20:50:10.0553 2852 
2013/11/14 20:50:10.0553 2852 OS Version: 6.0.6002 ServicePack: 2.0
2013/11/14 20:50:10.0553 2852 Product type: Workstation
2013/11/14 20:50:10.0553 2852 ComputerName: MONKEY-PC
2013/11/14 20:50:10.0553 2852 UserName: Monkey
2013/11/14 20:50:10.0553 2852 Windows directory: C:\Windows
2013/11/14 20:50:10.0553 2852 System windows directory: C:\Windows
2013/11/14 20:50:10.0553 2852 Processor architecture: Intel x86
2013/11/14 20:50:10.0553 2852 Number of processors: 2
2013/11/14 20:50:10.0553 2852 Page size: 0x1000
2013/11/14 20:50:10.0553 2852 Boot type: Normal boot
2013/11/14 20:50:10.0553 2852 ================================================================================
2013/11/14 20:50:11.0713 2852 Initialize success
2013/11/14 20:50:19.0173 4460 ================================================================================
2013/11/14 20:50:19.0173 4460 Scan started
2013/11/14 20:50:19.0173 4460 Mode: Manual;
2013/11/14 20:50:19.0173 4460 ================================================================================
2013/11/14 20:50:56.0782 4460 viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2013/11/14 20:50:56.0852 4460 ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2013/11/14 20:50:56.0992 4460 viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2013/11/14 20:50:57.0072 4460 volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2013/11/14 20:50:57.0172 4460 volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2013/11/14 20:50:57.0332 4460 volsnap         (786db5771f05ef300390399f626bf30a) C:\Windows\system32\drivers\volsnap.sys
2013/11/14 20:50:57.0452 4460 vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2013/11/14 20:50:57.0602 4460 WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2013/11/14 20:50:57.0682 4460 Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2013/11/14 20:50:57.0722 4460 Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2013/11/14 20:50:57.0872 4460 Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2013/11/14 20:50:57.0972 4460 Wdf01000        (25944d2cc49e0a6c581d02a74b7d6645) C:\Windows\system32\drivers\Wdf01000.sys
2013/11/14 20:50:58.0282 4460 WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2013/11/14 20:50:58.0492 4460 WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2013/11/14 20:50:58.0572 4460 ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2013/11/14 20:50:58.0772 4460 WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2013/11/14 20:50:58.0872 4460 MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2013/11/14 20:50:58.0902 4460 MBR (0x1B8)     (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
2013/11/14 20:50:58.0932 4460 Boot (0x1200)   (4b90fe8261e9be1150f0b499d2992adc) \Device\Harddisk0\DR0\Partition0
2013/11/14 20:50:58.0952 4460 Boot (0x1200)   (adb86f4489a1d19a6bba7910f22c5ede) \Device\Harddisk1\DR2\Partition0
2013/11/14 20:50:58.0972 4460 ================================================================================
2013/11/14 20:50:58.0972 4460 Scan finished
2013/11/14 20:50:58.0972 4460 ================================================================================
2013/11/14 20:50:58.0992 6772 Detected object count: 0
2013/11/14 20:50:58.0992 6772 Actual detected object count: 0

END OF LOG

I have loaded Kaspersky Virus Removal and have scanned twice without any luck. I have also tried to load Avast! and ran a scan but did not identify any problems. I have tried to do Windows Restore to an earlier point but received an error, I tried again today but there is only one restore point from two days ago when I loaded Avast and that is not going to help even if it does restore to then...

I ran Rkill and got this log: (this shows the Infection)

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2013 06:26:37 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\assembly\GAC\Desktop.ini [ZA File]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * PcaSvc [Missing Service]
 * PolicyAgent [Missing Service]
 * RemoteAccess [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * MpsSvc [Missing ImagePath]

 * SharedAccess [Missing Parameters Key]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 11/13/2013 06:30:31 AM
Execution time: 0 hours(s), 3 minute(s), and 53 seconds(s)

END OF LOG

I have been getting Avast! alerts that come in pairs one right after another about every 5 minutes:

1.  Malware Blocked Win32Malware-gen

2.  Malware Blocked Win64:sirefef-A[Trj]

Not sure what to do next so please help with any advice that might remove this.

Thanks.
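The Rkill log in this post records the three things ZeroAccess does to a machine's defences: it flags Defender as disabled through the DisableAntiSpyware value, it replaces Windows Defender's own binaries with reparse points into system32\config so they can never be loaded, and it removes the firewall, Security Center and Windows Update services outright. The script below is an added example written for this thread (it is not part of Rkill or any BleepingComputer tool) that parses those sections of an Rkill log into structured findings, so a responder can see at a glance which protections are gone before choosing the next tool. The sample input is an excerpt of the Rkill log posted above; the regexes, the service list and the `assess` summary are this example's own assumptions about the log format, not Rkill's.

```python
"""Parse the ZeroAccess-related findings out of an Rkill log.

Added example for this thread (not part of Rkill or BleepingComputer tooling).
It turns the 'Performing miscellaneous checks' and 'Checking Windows Service
Integrity' sections of an Rkill log into structured findings so a responder
can see which protections the infection has disabled.
"""
import re
from dataclasses import dataclass, field

# Excerpt of the Rkill log posted above, kept verbatim as sample input.
SAMPLE_LOG = r"""
Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Windows\assembly\GAC\Desktop.ini [ZA File]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * WinDefend [Missing Service]
 * wuauserv [Missing Service]

 * MpsSvc [Missing ImagePath]

 * SharedAccess [Missing Parameters Key]
"""

# One regex per Rkill line shape we care about (assumed from the log above).
REPARSE_RE = re.compile(r"^\s*\*\s+(?P<src>.+?)\s+=>\s+(?P<dst>.+?)\s+\[(?P<kind>Dir|File)\]\s*$")
ZA_FILE_RE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\[ZA File\]\s*$")
SERVICE_RE = re.compile(r"^\s*\*\s+(?P<name>\S+)\s+\[(?P<issue>Missing [^\]]+)\]\s*$")
STOPPED_RE = re.compile(r"^\s*\*\s+(?P<desc>.+?)\s+\((?P<name>[^)]+)\)\s+is not Running\.\s*$")
REG_KEY_RE = re.compile(r"^\s*\[(?P<key>HK[^\]]+)\]\s*$")
REG_VAL_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<value>[0-9a-fA-F]{8})\s*$')

# Windows services that the firewall, Security Center, Defender and Windows
# Update depend on; every one of these is reported missing in the log above.
SECURITY_SERVICES = {"BFE", "MpsSvc", "SharedAccess", "WinDefend", "wscsvc",
                     "wuauserv", "BITS", "PolicyAgent", "iphlpsvc"}


@dataclass
class RkillFindings:
    reparse_points: list = field(default_factory=list)    # (source, target, kind)
    za_files: list = field(default_factory=list)          # paths flagged [ZA File]
    missing_services: list = field(default_factory=list)  # (service, issue)
    stopped_services: list = field(default_factory=list)  # (service, description)
    defender_disabled: bool = False


def parse_rkill(text: str) -> RkillFindings:
    """Extract structured findings from Rkill log text."""
    findings = RkillFindings()
    current_key = ""
    for line in text.splitlines():
        if m := REPARSE_RE.match(line):
            findings.reparse_points.append((m["src"], m["dst"], m["kind"]))
        elif m := ZA_FILE_RE.match(line):
            findings.za_files.append(m["path"])
        elif m := SERVICE_RE.match(line):
            findings.missing_services.append((m["name"], m["issue"]))
        elif m := STOPPED_RE.match(line):
            findings.stopped_services.append((m["name"], m["desc"]))
        elif m := REG_KEY_RE.match(line):
            current_key = m["key"]
        elif m := REG_VAL_RE.match(line):
            # DisableAntiSpyware=1 under the Windows Defender key switches Defender off.
            if ("windows defender" in current_key.lower()
                    and m["name"] == "DisableAntiSpyware"
                    and int(m["value"], 16) == 1):
                findings.defender_disabled = True
    return findings


def assess(findings: RkillFindings) -> dict:
    """Summarise what the findings mean for the machine's defences."""
    # Defender binaries redirected into system32\config can no longer be loaded;
    # that is how the log above shows Defender being neutralised on disk.
    hijacked = [src for src, dst, _ in findings.reparse_points
                if "system32\\config" in dst.lower()]
    return {
        "zeroaccess_indicators": len(findings.za_files) + len(hijacked),
        "defender_neutralised": bool(hijacked) or findings.defender_disabled,
        "security_services_missing": sorted(
            name for name, _ in findings.missing_services if name in SECURITY_SERVICES),
        "stopped": [name for name, _ in findings.stopped_services],
    }


if __name__ == "__main__":
    for key, value in assess(parse_rkill(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved Rkill.txt by passing the file's contents to `parse_rkill`; the `security_services_missing` list is the part worth keeping, because those services have to be recreated after the rootkit is removed before the firewall, Windows Update and Defender can be switched back on.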

 

 

 

 

 




#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 15 November 2013 - 01:22 AM

Hello Harvestsmiles

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Harvestsmiles

Harvestsmiles
  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 15 November 2013 - 10:39 PM

I should have mentioned that I am unable to download as all attempts end with "... contained a virus and was deleted."

I did try to download onto a thumbdrive from another computer and ran the scan that way. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Monkey (administrator) on MONKEY-PC on 15-11-2013 20:34:15
Running from E:\
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\RunOnce: [20131030] - C:\Program Files\AVAST Software\Avast\setup\emupdate\71d75763-1db7-4178-b9a1-70a05e8508a4.exe /check [164240 2013-11-13] (AVAST Software)
HKCU\...\Run: [Xvid] - C:\Users\Monkey\Downloads\Codecs\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {56eebfb8-36a9-11e2-a2b0-001e334512d9} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Virus Removal Tool 2010 v9.0.0.722.lnk
ShortcutTarget: Kaspersky Virus Removal Tool 2010 v9.0.0.722.lnk -> C:\Program Files\Virus Removal Tool\Kaspersky Virus Removal Tool 2010 v9.0.0.722\startup.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
SearchScopes: HKCU - {94374D54-CA17-4176-B20E-748D73CB59B1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (uTorrentControl_v2) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0
CHR Extension: (RealDownloader) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Google Wallet) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Monkey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [181784 2007-09-24] (WildTangent, Inc.)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-01-29] (Symantec Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R1 62747321; C:\Windows\System32\DRIVERS\62747321.sys [128016 2009-09-25] (Kaspersky Lab)
R0 62747322; C:\Windows\System32\DRIVERS\62747322.sys [37392 2009-10-22] (Kaspersky Lab)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [104752 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [204784 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-31] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20131115.001\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation)
R1 Kaspersky Virus Removal Tool 2010 v9.0.0.722drv; C:\Windows\System32\DRIVERS\6274732.sys [311312 2009-10-09] (Kaspersky Lab)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20131115.017\NAVENG.SYS [93272 2013-08-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20131115.017\NAVEX15.SYS [1612376 2013-08-31] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2013-08-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 20:34 - 2013-11-15 20:34 - 00000000 ____D C:\FRST
2013-11-12 18:29 - 2013-11-13 06:30 - 00015012 _____ C:\Users\Monkey\Desktop\Rkill.txt
2013-11-12 06:57 - 2013-11-12 06:57 - 00001840 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-11-12 06:57 - 2013-08-30 01:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-12 06:57 - 2013-08-30 01:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00204784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00104752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00021576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-11-12 06:55 - 2013-08-30 01:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-12 06:55 - 2013-08-30 01:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-12 06:55 - 2013-07-17 03:17 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-11-12 06:54 - 2013-11-12 06:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-12 06:53 - 2013-11-12 06:54 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-12 06:50 - 2013-11-12 06:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-11 19:42 - 2013-11-12 18:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-11 19:41 - 2013-11-12 06:34 - 00000000 ____D C:\Program Files\Virus Removal Tool
2013-11-11 19:41 - 2009-10-22 13:54 - 00037392 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\62747322.sys
2013-11-11 19:41 - 2009-10-09 23:31 - 00311312 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\6274732.sys
2013-11-11 19:41 - 2009-09-25 17:59 - 00128016 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\62747321.sys
2013-11-10 06:28 - 2013-11-10 06:28 - 00000000 ____D C:\Users\Monkey\Documents\1 virus test
2013-11-09 22:03 - 2013-11-09 22:03 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-09 22:02 - 2013-11-15 19:23 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 22:02 - 2013-11-14 20:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 22:01 - 2013-11-09 22:02 - 00000000 ____D C:\Users\Monkey\AppData\Local\Deployment
2013-11-09 22:01 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Apps\2.0
2013-11-02 15:51 - 2013-11-02 15:55 - 00000000 ____D C:\Users\Monkey\Desktop\pics from ted
2013-11-02 15:51 - 2013-11-02 15:51 - 00000020 _____ C:\Users\Monkey\Desktop\New WinRAR archive.rar
2013-10-23 19:35 - 2013-11-08 22:50 - 00000000 ____D C:\Users\Monkey\Desktop\BJCP Tasting Exam
2013-10-17 21:00 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-17 21:00 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-17 21:00 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-17 21:00 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-17 21:00 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-17 21:00 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-17 21:00 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-17 21:00 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-17 21:00 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-17 21:00 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-17 21:00 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-17 21:00 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-17 21:00 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-17 21:00 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-17 21:00 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-17 20:59 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-17 20:52 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-17 20:51 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-17 20:51 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-17 20:51 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-17 20:51 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-17 20:51 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-17 20:51 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-17 20:51 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-17 20:51 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-17 20:51 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 20:51 - 2013-07-12 02:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-17 20:51 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-17 20:51 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-17 20:51 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-17 20:51 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-17 20:51 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-17 20:51 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-17 20:51 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-17 20:51 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-17 20:51 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-17 20:49 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

==================== One Month Modified Files and Folders =======

2013-11-15 20:34 - 2013-11-15 20:34 - 00000000 ____D C:\FRST
2013-11-15 19:23 - 2013-11-09 22:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 20:44 - 2012-09-30 19:19 - 01620847 _____ C:\Windows\WindowsUpdate.log
2013-11-14 20:18 - 2013-11-09 22:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 08:05 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 08:05 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 06:30 - 2013-11-12 18:29 - 00015012 _____ C:\Users\Monkey\Desktop\Rkill.txt
2013-11-12 20:05 - 2013-02-16 20:35 - 00000000 ____D C:\Users\Monkey\AppData\Local\CrashDumps
2013-11-12 18:45 - 2013-08-31 17:12 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Skype
2013-11-12 18:09 - 2013-11-11 19:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 18:08 - 2013-09-15 15:51 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Dropbox
2013-11-12 18:05 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 18:04 - 2006-11-02 06:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 06:57 - 2013-11-12 06:57 - 00001840 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-11-12 06:56 - 2012-09-30 18:22 - 00000000 ____D C:\Users\Monkey
2013-11-12 06:55 - 2006-11-02 03:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-11-12 06:54 - 2013-11-12 06:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-12 06:54 - 2013-11-12 06:53 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-12 06:51 - 2013-09-15 15:59 - 00000000 ___RD C:\Users\Monkey\Dropbox
2013-11-12 06:50 - 2013-11-12 06:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-12 06:34 - 2013-11-11 19:41 - 00000000 ____D C:\Program Files\Virus Removal Tool
2013-11-12 06:34 - 2008-01-20 19:47 - 00631014 _____ C:\Windows\PFRO.log
2013-11-12 06:31 - 2012-10-01 07:31 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-11-11 19:38 - 2006-11-02 05:52 - 00044072 _____ C:\Windows\setupact.log
2013-11-10 06:28 - 2013-11-10 06:28 - 00000000 ____D C:\Users\Monkey\Documents\1 virus test
2013-11-09 22:03 - 2013-11-09 22:03 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-09 22:02 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Deployment
2013-11-09 22:02 - 2008-02-13 19:15 - 00000000 ____D C:\Program Files\Google
2013-11-09 22:01 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Apps\2.0
2013-11-09 22:00 - 2013-02-19 16:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-08 23:51 - 2012-09-30 18:23 - 00000000 ____D C:\Users\Monkey\AppData\Local\Google
2013-11-08 23:38 - 2013-02-13 20:18 - 00000000 ____D C:\Users\Monkey\Documents\Movies
2013-11-08 22:50 - 2013-10-23 19:35 - 00000000 ____D C:\Users\Monkey\Desktop\BJCP Tasting Exam
2013-11-08 20:06 - 2006-11-02 03:33 - 00707392 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 19:53 - 2013-08-31 17:12 - 00000000 ___RD C:\Program Files\Skype
2013-11-05 19:53 - 2013-08-31 17:11 - 00000000 ____D C:\ProgramData\Skype
2013-11-02 21:25 - 2013-09-01 04:47 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DVD Flick
2013-11-02 15:55 - 2013-11-02 15:51 - 00000000 ____D C:\Users\Monkey\Desktop\pics from ted
2013-11-02 15:51 - 2013-11-02 15:51 - 00000020 _____ C:\Users\Monkey\Desktop\New WinRAR archive.rar
2013-11-02 11:30 - 2013-09-01 04:57 - 00000000 ____D C:\Users\Monkey\Documents\dvd
2013-10-28 21:00 - 2012-10-03 14:50 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\uTorrent
2013-10-18 20:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-18 19:17 - 2006-11-02 05:47 - 00399984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-18 19:16 - 2013-07-08 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 21:18 - 2012-09-30 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-17 21:12 - 2013-09-29 14:27 - 00000000 ____D C:\Windows\system32\MRT
2013-10-17 21:08 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Monkey\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-11-13 06:17

==================== End Of Log ============================

 

The "Addition" Log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Monkey at 2013-11-15 20:35:37
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

µTorrent (Version: 3.2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Reader 8.1.0 (Version: 8.1.0)
Atheros Driver Installation Program (Version: 7.1)
Atheros Wi-Fi Protected Setup Library
Audacity 2.0.2 (Version: 2.0.2)
avast! Internet Security (Version: 8.0.1497.0)
AviSynth 2.5
calibre (Version: 0.9.8)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01)
Creative Jukebox Driver
Dropbox (HKCU Version: 2.0.26)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DVD MovieFactory for TOSHIBA (Version: 5.51)
DVDFab 9 v9.0.6.0 (Version: 9.0.6.0)
GearDrvs (Version: 1)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 3 (Version: 1.6.0.30)
K-Lite Codec Pack 9.7.5 (Full) (Version: 9.7.5)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Memeo AutoBackup (Version: 3.00.3023)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.20.8730.4)
Motorola Device Manager (Version: 2.3.4)
Motorola Device Software Update (Version: 12.10.3002)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NaturalReaderFree (Version: 11)
Nero 7 Ultra Edition (Version: 7.02.9753)
neroxml (Version: 1.0.0)
Norton 360 (Version: 1.2.0.10)
Norton AntiVirus (Version: 18.7.1.3)
Pantarheon 3D AviSynth Toolbox (Version: 1.1.0)
Picasa 2 (Version: 2.0)
QuickBooks Financial Center (Version: 1.00.0000)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5559)
Realtek USB 2.0 Card Reader (Version: )
RealUpgrade 1.1 (Version: 1.1.0)
Rosetta Stone Version 3 (Version: 3.3.5.2)
Skype™ 6.9 (Version: 6.9.106)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TOSHIBA Assist (Version: 2.01.05)
TOSHIBA ConfigFree (Version: 7.1.27)
TOSHIBA Disc Creator (Version: 2.0.1.1a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 1.0.2.32)
TOSHIBA Games (Version: 1.0.0.43)
TOSHIBA Hardware Setup (Version: 2.00.06)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.1.14)
Total Video Converter 3.71 100812
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
VLC media player 2.0.4 (Version: 2.0.4)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
WinRAR
Xvid Video Codec (Version: 1.3.2)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {229E903D-49CB-493C-988A-D2B2EFDE7C83} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {2678B14F-5C37-44AA-8B63-99CA2455927A} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\symerr.exe [2012-03-27] (Symantec Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {67931D2B-8B75-4AA0-BC7A-F35EAA3642DB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {72F9FD18-CEC9-4543-848E-10015CCDA574} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\symerr.exe [2012-03-27] (Symantec Corporation)
Task: {8F983315-CE33-4C4F-806E-3A7C1C78CA47} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2317739109-3065871874-2614635687-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {9A038114-A5C9-4B5D-B787-65174BB1D8D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: {A2D5382E-265B-4F78-8AC7-2664CED980DA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {ACC7C5E7-F9BC-4770-89BC-2E9A6B761A95} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {C4ADD0FD-53AD-4EFD-96E0-D5DCE95D839E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E5B2D6E9-4DB6-48D0-8827-DC0C7ED575BA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2317739109-3065871874-2614635687-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Monkey\Documents\baby.VOB:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27017778.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27017778.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 08:05:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 08:05:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 08:05:04 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xc0000005, fault offset 0x00001c7e,
process id 0x1794, application start time 0xExplorer.EXE0.

Error: (11/12/2013 08:02:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 08:02:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 08:00:33 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module kernel32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xc0000005, fault offset 0x00001c7e,
process id 0x780, application start time 0xExplorer.EXE0.

Error: (11/12/2013 06:07:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 06:07:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2013 06:06:10 PM) (Source: Application Error) (User: )
Description: Faulting application TosIPCSrv.exe, version 1.0.0.1, time stamp 0x4753b866, faulting module TosIPCSrv.exe, version 1.0.0.1, time stamp 0x4753b866, exception code 0xc0000005, fault offset 0x000027a8,
process id 0xa78, application start time 0xTosIPCSrv.exe0.

Error: (11/12/2013 06:06:09 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

System errors:
=============
Error: (11/12/2013 06:03:57 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/06/2013 07:45:43 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (11/06/2013 07:45:13 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (11/02/2013 11:04:04 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (10/26/2013 08:20:19 PM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/18/2013 07:14:59 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (10/17/2013 09:28:56 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (10/17/2013 09:28:26 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (10/17/2013 09:18:08 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/17/2013 09:18:08 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-15 20:35:19.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:35:19.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:35:18.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:35:18.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:58.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:57.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:57.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:56.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:52.412
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-15 20:34:52.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\6274732.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3061.22 MB
Available physical RAM: 1346.87 MB
Total Pagefile: 6326.72 MB
Available Pagefile: 4336.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.19 MB

==================== Drives ================================

Drive c: (SQ004725V01) (Fixed) (Total:184.84 GB) (Free:32.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB DISK) (Removable) (Total:7.6 GB) (Free:0.77 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: DE81E319)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=185 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 9F67AE68)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

 

I will wait for your advice as to what the next step is in removing this nastiness.

Thanks



#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 15 November 2013 - 11:28 PM

Hello Harvestsmiles



I need you to download this script I have made for you --> Attached File: fixlist.txt (900 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Harvestsmiles

  • Topic Starter
  • Members
  • 22 posts

Posted 16 November 2013 - 01:03 AM

When I ran the fix I got an error.

Line 15905 (File "E:\FRST.exe"):

Error: Subscript used with non-Array Variable

Then below is what was listed in the Fix Log.

Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by Monkey at 2013-11-15 22:58:02 Run:1
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Monkey\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Could not move "C:\Windows\assembly\GAC\Desktop.ini" => Scheduled to move on reboot.

"C:\Users\Monkey\AppData\Local\Google\Desktop\Install" directory move:

Could not move "C:\Users\Monkey\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.

"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Windows\assembly\GAC\Desktop.ini" => File could not move.
C:\Users\Monkey\AppData\Local\Google\Desktop\Install => Is moved successfully.
"C:\Program Files\Google\Desktop\Install" => Directory could not move.

==== End of Fixlog ====

Thanks for the quick reply.
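As an added example that is not part of this thread and not FRST's own code, here is a read-only PowerShell check for the three ZeroAccess indicators the fixlist in this post targets: the Winsock Catalog5 LibraryPath values, reparse points in the directories handed to DeleteJunctionsInDirectory, and the GAC Desktop.ini. It assumes an elevated PowerShell 2.0 or later prompt; the registry key layout is taken from the entry name FRST's fixlog reports, and the expected LibraryPath values are the ones the fixlist states.

```powershell
# Added example (not FRST's code and not from either poster): read-only checks for the
# ZeroAccess indicators that the fixlist in the post above targets.
# Assumptions: Windows with PowerShell 2.0 or later, run from an elevated prompt.
# Nothing here modifies the system; it only reports, so it can be run before and after a fix.

# --- 1. Winsock NameSpace_Catalog5 LibraryPath values --------------------------------
# Key layout follows FRST's fixlog ("Catalog5 entry 000000000001\LibraryPath");
# the expected values are the ones the fixlist states for entries 01 and 05.
$Catalog5Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'
$ExpectedLibraryPath = @{
    '000000000001' = '%SystemRoot%\system32\NLAapi.dll'
    '000000000005' = '%SystemRoot%\System32\mswsock.dll'
}

function Test-Catalog5Entry {
    param([string]$Entry, [string]$Expected)
    $key = Join-Path $Catalog5Key $Entry
    if (-not (Test-Path -LiteralPath $key)) { return "MISSING  Catalog5 $Entry" }
    # Get-ItemProperty expands REG_EXPAND_SZ, so expand the expected value before comparing.
    $actual = (Get-ItemProperty -LiteralPath $key -Name LibraryPath -ErrorAction SilentlyContinue).LibraryPath
    $wanted = [Environment]::ExpandEnvironmentVariables($Expected)
    if ($actual -and ($actual -ieq $wanted)) { return "OK       Catalog5 $Entry -> $actual" }
    # A bare file name such as "mswsock.dll" (what FRST logged as "File Not found") has no
    # directory component, so Test-Path reports it as absent.
    $onDisk = if ($actual) { Test-Path -LiteralPath $actual } else { $false }
    return "SUSPECT  Catalog5 $Entry -> '$actual' (file found: $onDisk; expected $wanted)"
}

# --- 2. Reparse points (junctions) in the directories the fixlist hands to
#        DeleteJunctionsInDirectory. A junction where a plain folder or DLL should be is
#        what FRST flagged at C:\Program Files\Windows Defender\mpsvc.dll.
$JunctionDirs = @(
    'C:\Program Files\Windows Defender',
    'C:\Program Files\Microsoft Security Client',
    'C:\Windows\system64'   # not a standard Windows directory; its presence alone is notable
)

function Get-ReparsePointsIn {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return @("ABSENT   $Root") }
    # Check the directory itself plus its immediate children; no recursion, so a junction
    # with a dangling target cannot send the walk somewhere unexpected.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue)
    $hits = foreach ($i in $items) {
        if (($i.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
            "REPARSE  $($i.FullName) [$($i.Attributes)]"
        }
    }
    if ($hits) { return $hits }
    return @("CLEAN    $Root (no reparse points)")
}

# --- 3. The file FRST listed under "ZeroAccess:" ------------------------------------
function Test-GacDesktopIni {
    $ini = Join-Path $env:windir 'assembly\GAC\Desktop.ini'
    if (-not (Test-Path -LiteralPath $ini)) { return "ABSENT   $ini" }
    $f = Get-Item -LiteralPath $ini -Force
    # Report size and attributes so a hidden/system file of unusual size stands out.
    return "PRESENT  $ini ($($f.Length) bytes) [$($f.Attributes)]"
}

# --- Run everything and print one status line per check -------------------------------
foreach ($entry in ($ExpectedLibraryPath.Keys | Sort-Object)) {
    Test-Catalog5Entry -Entry $entry -Expected $ExpectedLibraryPath[$entry]
}
foreach ($dir in $JunctionDirs) { Get-ReparsePointsIn -Root $dir }
Test-GacDesktopIni
```

Lines starting with SUSPECT, REPARSE or PRESENT correspond to what FRST reported on this machine; a clean system prints OK, CLEAN and ABSENT.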



#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 16 November 2013 - 03:51 AM

I would like you to rerun it, please.


gringo

#7 Harvestsmiles

  • Topic Starter
  • Members
  • 22 posts

Posted 16 November 2013 - 07:55 AM

I re-ran the scan and then ran the fix. Here are the logs for each.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Monkey (administrator) on MONKEY-PC on 16-11-2013 05:45:35
Running from E:\
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\RunOnce: [20131030] - C:\Program Files\AVAST Software\Avast\setup\emupdate\71d75763-1db7-4178-b9a1-70a05e8508a4.exe /check [164240 2013-11-13] (AVAST Software)
HKCU\...\Run: [Xvid] - C:\Users\Monkey\Downloads\Codecs\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {56eebfb8-36a9-11e2-a2b0-001e334512d9} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Virus Removal Tool 2010 v9.0.0.722.lnk
ShortcutTarget: Kaspersky Virus Removal Tool 2010 v9.0.0.722.lnk -> C:\Program Files\Virus Removal Tool\Kaspersky Virus Removal Tool 2010 v9.0.0.722\startup.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
SearchScopes: HKCU - {94374D54-CA17-4176-B20E-748D73CB59B1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 %SystemRoot%\System32\mswsock.dll [223232] ()
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (uTorrentControl_v2) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0
CHR Extension: (RealDownloader) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Google Wallet) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Monkey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [181784 2007-09-24] (WildTangent, Inc.)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-01-29] (Symantec Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 SharedAccess; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R1 62747321; C:\Windows\System32\DRIVERS\62747321.sys [128016 2009-09-25] (Kaspersky Lab)
R0 62747322; C:\Windows\System32\DRIVERS\62747322.sys [37392 2009-10-22] (Kaspersky Lab)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [104752 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [204784 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-31] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20131115.001\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation)
R1 Kaspersky Virus Removal Tool 2010 v9.0.0.722drv; C:\Windows\System32\DRIVERS\6274732.sys [311312 2009-10-09] (Kaspersky Lab)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20131115.017\NAVENG.SYS [93272 2013-08-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20131115.017\NAVEX15.SYS [1612376 2013-08-31] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2013-08-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 20:34 - 2013-11-15 22:59 - 00000000 ____D C:\FRST
2013-11-12 18:29 - 2013-11-13 06:30 - 00015012 _____ C:\Users\Monkey\Desktop\Rkill.txt
2013-11-12 06:57 - 2013-11-12 06:57 - 00001840 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-11-12 06:57 - 2013-08-30 01:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-12 06:57 - 2013-08-30 01:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00204784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00104752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-12 06:55 - 2013-08-30 01:48 - 00021576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-11-12 06:55 - 2013-08-30 01:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-12 06:55 - 2013-08-30 01:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-12 06:55 - 2013-07-17 03:17 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-11-12 06:54 - 2013-11-12 06:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-12 06:53 - 2013-11-12 06:54 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-12 06:50 - 2013-11-12 06:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-11 19:42 - 2013-11-12 18:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-11 19:41 - 2013-11-12 06:34 - 00000000 ____D C:\Program Files\Virus Removal Tool
2013-11-11 19:41 - 2009-10-22 13:54 - 00037392 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\62747322.sys
2013-11-11 19:41 - 2009-10-09 23:31 - 00311312 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\6274732.sys
2013-11-11 19:41 - 2009-09-25 17:59 - 00128016 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\62747321.sys
2013-11-10 06:28 - 2013-11-10 06:28 - 00000000 ____D C:\Users\Monkey\Documents\1 virus test
2013-11-09 22:03 - 2013-11-09 22:03 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-09 22:02 - 2013-11-16 05:42 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 22:02 - 2013-11-14 20:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 22:01 - 2013-11-09 22:02 - 00000000 ____D C:\Users\Monkey\AppData\Local\Deployment
2013-11-09 22:01 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Apps\2.0
2013-11-02 15:51 - 2013-11-02 15:55 - 00000000 ____D C:\Users\Monkey\Desktop\pics from ted
2013-11-02 15:51 - 2013-11-02 15:51 - 00000020 _____ C:\Users\Monkey\Desktop\New WinRAR archive.rar
2013-10-23 19:35 - 2013-11-08 22:50 - 00000000 ____D C:\Users\Monkey\Desktop\BJCP Tasting Exam
2013-10-17 21:00 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-17 21:00 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-17 21:00 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-17 21:00 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-17 21:00 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-17 21:00 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-17 21:00 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-17 21:00 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-17 21:00 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-17 21:00 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-17 21:00 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-17 21:00 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-17 21:00 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-17 21:00 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-17 21:00 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-17 20:59 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-17 20:52 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-17 20:51 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-17 20:51 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-17 20:51 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-17 20:51 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-17 20:51 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-17 20:51 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-17 20:51 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-17 20:51 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-17 20:51 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-17 20:51 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 20:51 - 2013-07-12 02:04 - 00134272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-17 20:51 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-17 20:51 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-17 20:51 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-17 20:51 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-17 20:51 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-17 20:51 - 2013-06-26 16:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-17 20:51 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-17 20:51 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-17 20:51 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-17 20:51 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-17 20:49 - 2013-07-02 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

==================== One Month Modified Files and Folders =======

2013-11-16 05:42 - 2013-11-09 22:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 22:59 - 2013-11-15 20:34 - 00000000 ____D C:\FRST
2013-11-15 22:48 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 22:48 - 2006-11-02 05:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 20:44 - 2012-09-30 19:19 - 01620847 _____ C:\Windows\WindowsUpdate.log
2013-11-14 20:18 - 2013-11-09 22:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 06:30 - 2013-11-12 18:29 - 00015012 _____ C:\Users\Monkey\Desktop\Rkill.txt
2013-11-12 20:05 - 2013-02-16 20:35 - 00000000 ____D C:\Users\Monkey\AppData\Local\CrashDumps
2013-11-12 18:45 - 2013-08-31 17:12 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Skype
2013-11-12 18:09 - 2013-11-11 19:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 18:08 - 2013-09-15 15:51 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Dropbox
2013-11-12 18:05 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 18:04 - 2006-11-02 06:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 06:57 - 2013-11-12 06:57 - 00001840 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-11-12 06:56 - 2012-09-30 18:22 - 00000000 ____D C:\Users\Monkey
2013-11-12 06:55 - 2006-11-02 03:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-11-12 06:54 - 2013-11-12 06:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-12 06:54 - 2013-11-12 06:53 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-12 06:51 - 2013-09-15 15:59 - 00000000 ___RD C:\Users\Monkey\Dropbox
2013-11-12 06:50 - 2013-11-12 06:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-12 06:34 - 2013-11-11 19:41 - 00000000 ____D C:\Program Files\Virus Removal Tool
2013-11-12 06:34 - 2008-01-20 19:47 - 00631014 _____ C:\Windows\PFRO.log
2013-11-12 06:31 - 2012-10-01 07:31 - 00053736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-11-11 19:38 - 2006-11-02 05:52 - 00044072 _____ C:\Windows\setupact.log
2013-11-10 06:28 - 2013-11-10 06:28 - 00000000 ____D C:\Users\Monkey\Documents\1 virus test
2013-11-09 22:03 - 2013-11-09 22:03 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-09 22:02 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Deployment
2013-11-09 22:02 - 2008-02-13 19:15 - 00000000 ____D C:\Program Files\Google
2013-11-09 22:01 - 2013-11-09 22:01 - 00000000 ____D C:\Users\Monkey\AppData\Local\Apps\2.0
2013-11-09 22:00 - 2013-02-19 16:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-08 23:51 - 2012-09-30 18:23 - 00000000 ____D C:\Users\Monkey\AppData\Local\Google
2013-11-08 23:38 - 2013-02-13 20:18 - 00000000 ____D C:\Users\Monkey\Documents\Movies
2013-11-08 22:50 - 2013-10-23 19:35 - 00000000 ____D C:\Users\Monkey\Desktop\BJCP Tasting Exam
2013-11-08 20:06 - 2006-11-02 03:33 - 00707392 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 19:53 - 2013-08-31 17:12 - 00000000 ___RD C:\Program Files\Skype
2013-11-05 19:53 - 2013-08-31 17:11 - 00000000 ____D C:\ProgramData\Skype
2013-11-02 21:25 - 2013-09-01 04:47 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DVD Flick
2013-11-02 15:55 - 2013-11-02 15:51 - 00000000 ____D C:\Users\Monkey\Desktop\pics from ted
2013-11-02 15:51 - 2013-11-02 15:51 - 00000020 _____ C:\Users\Monkey\Desktop\New WinRAR archive.rar
2013-11-02 11:30 - 2013-09-01 04:57 - 00000000 ____D C:\Users\Monkey\Documents\dvd
2013-10-28 21:00 - 2012-10-03 14:50 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\uTorrent
2013-10-18 20:13 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-18 19:17 - 2006-11-02 05:47 - 00399984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-18 19:16 - 2013-07-08 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 21:18 - 2012-09-30 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-17 21:12 - 2013-09-29 14:27 - 00000000 ____D C:\Windows\system32\MRT
2013-10-17 21:08 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-11-13 06:17

==================== End Of Log ============================

 

This is everything that was in the "FixList" text file:

 

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Monkey\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s

 

When I clicked fix I got the same error message: "Line 15905 (File "E:\FRST.exe"): Error: Subscript used with non-Array variable."

 

I tried to run FRST again and a window opened telling me the Fix was complete and the log text was displayed. This is what it shows in the "Fixlog" file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by Monkey at 2013-11-16 05:50:20 Run:2
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Monkey\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Could not move "C:\Windows\assembly\GAC\Desktop.ini" => Scheduled to move on reboot.
"C:\Users\Monkey\AppData\Local\Google\Desktop\Install" => File/Directory not found.

"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

"C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe" => File/Directory not found.
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Windows\assembly\GAC\Desktop.ini" => File could not move.
"C:\Program Files\Google\Desktop\Install" => Directory could not move.

==== End of Fixlog ====

 

 

Awaiting orders General Gringo :)
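The fixlist above uses FRST's DeleteJunctionsInDirectory directive against folders where the scan log reported reparse points in place of program files. As an added example, not FRST's code and not posted by anyone in this thread, the following Python walks a directory tree, lists every symbolic link or other reparse point it finds, and flags the shape the logs here call out: an entry named like a binary (.dll, .exe, .sys) that actually resolves to a directory. The sample tree, its file names and the function names (scan_for_links, build_demo_tree, report) are constructed for this example.

```python
"""Added example (not FRST's code): enumerate reparse points under a directory and
flag file-named entries that resolve to a directory. Sample tree is constructed."""
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import List

SUSPECT_EXTENSIONS = (".dll", ".exe", ".sys", ".ocx")


@dataclass
class LinkFinding:
    path: str            # the link itself
    target: str          # where it points, as stored in the link ("" if unreadable)
    target_is_dir: bool  # does the target resolve to a directory?
    suspicious: bool     # binary-looking name that is really a link to a directory


def is_reparse_point(st: os.stat_result) -> bool:
    # Symbolic links on any platform; on Windows (Python 3.8+) junctions and other
    # reparse points are reported through st_reparse_tag rather than S_IFLNK.
    return stat.S_ISLNK(st.st_mode) or getattr(st, "st_reparse_tag", 0) != 0


def scan_for_links(root: str) -> List[LinkFinding]:
    """Return every reparse point below root without following any of them."""
    findings: List[LinkFinding] = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not is_reparse_point(st):
                continue
            try:
                target = os.readlink(full)
            except OSError:        # reparse point that is not a link (e.g. dedup, OneDrive)
                target = ""
            resolved = target if os.path.isabs(target) else os.path.join(dirpath, target)
            target_is_dir = bool(target) and os.path.isdir(resolved)
            looks_like_binary = name.lower().endswith(SUSPECT_EXTENSIONS)
            findings.append(LinkFinding(full, target, target_is_dir,
                                        suspicious=looks_like_binary and target_is_dir))
    return findings


def report(root: str) -> List[str]:
    """Paths of the flagged entries only; the kind of list a fix script would act on."""
    return [f.path for f in scan_for_links(root) if f.suspicious]


def build_demo_tree() -> str:
    """Constructed sample: one real file plus a 'MpSvc.dll' that is a symbolic link
    to a directory, mirroring the entries reported in the thread's logs."""
    root = tempfile.mkdtemp(prefix="reparse_demo_")
    config_dir = os.path.join(root, "config")
    app_dir = os.path.join(root, "Windows Defender")
    os.mkdir(config_dir)
    os.mkdir(app_dir)
    with open(os.path.join(app_dir, "MpCmdRun.exe"), "wb") as fh:
        fh.write(b"MZ placeholder")   # constructed stand-in, not a real binary
    os.symlink(config_dir, os.path.join(app_dir, "MpSvc.dll"))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for f in scan_for_links(demo):
        tag = "SUSPICIOUS" if f.suspicious else "link      "
        print(f"{tag} {f.path} -> {f.target}")
```

Run against a real folder such as C:\Program Files the walk needs an elevated prompt, and build_demo_tree relies on os.symlink, which on Windows requires Developer Mode or an administrator shell. Ordinary profile junctions (Application Data pointing at AppData\Roaming) are listed but not flagged, because only binary-named entries that land on a directory meet the rule.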



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 16 November 2013 - 11:41 AM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

@ECHO OFF
cd c:\
junction -s c:\>log.txt
start log.txt
del %0
Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
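The batch file above writes Junction's -s listing of every reparse point on C: to log.txt, and that listing runs to hundreds of entries. As an added example, not Sysinternals code and not something posted in this thread, here is a Python parser for that output format: it keeps the path, link type, Print Name and Substitute Name of each entry, skips the "Failed to open" and progress-dot lines, and flags entries named like a binary that are symbolic links to an extension-less target, i.e. a directory. SAMPLE_LOG is constructed in the format Junction v1.06 prints; parse_junction_log and suspicious_paths are names chosen for this example, and the flagging rule is a heuristic of the example, not a Junction feature.

```python
"""Added example (not Sysinternals code): parse `junction -s c:\` output and flag
binary-named entries that are symbolic links to a directory. Log is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in Junction v1.06's listing format (entries are illustrative).
SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Users\Monkey\Application Data: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming
   Substitute Name: C:\Users\Monkey\AppData\Roaming

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...
...\\?\c:\\Program Files\Windows Defender\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData
"""

# Header: optional progress dots, then \\?\<path>: JUNCTION | SYMBOLIC LINK
HEADER = re.compile(r"^\.*(\\\\\?\\.+?): (JUNCTION|SYMBOLIC LINK)\s*$")
FIELD = re.compile(r"^\s*(Print Name|Substitute Name)\s*:\s*(.*?)\s*$")
BINARY_EXT = (".dll", ".exe", ".sys", ".ocx")


@dataclass
class ReparsePoint:
    path: str
    kind: str
    print_name: str = ""
    substitute_name: str = ""

    @property
    def suspicious(self) -> bool:
        """Heuristic: a binary-named symbolic link whose target's last path
        component has no extension, which is what a directory target looks like."""
        if self.kind != "SYMBOLIC LINK":
            return False
        name = self.path.rsplit("\\", 1)[-1].lower()
        target_leaf = self.substitute_name.rstrip("\\").rsplit("\\", 1)[-1]
        return name.endswith(BINARY_EXT) and "." not in target_leaf


def parse_junction_log(text: str) -> List[ReparsePoint]:
    entries: List[ReparsePoint] = []
    current: Optional[ReparsePoint] = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = ReparsePoint(path=m.group(1), kind=m.group(2))
            entries.append(current)
            continue
        f = FIELD.match(line)
        if f and current is not None:
            if f.group(1) == "Print Name":
                current.print_name = f.group(2)
            else:
                current.substitute_name = f.group(2)
            continue
        if not line.strip():
            current = None   # blank line closes an entry; other lines are ignored
    return entries


def suspicious_paths(text: str) -> List[str]:
    return [e.path for e in parse_junction_log(text) if e.suspicious]


if __name__ == "__main__":
    for e in parse_junction_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if e.suspicious else "ok        "
        print(f"{flag} {e.kind:13} {e.path} -> {e.substitute_name}")
```

To use it on a real log, read log.txt and pass its contents to suspicious_paths. JUNCTION entries such as Application Data pointing at AppData\Roaming are the compatibility junctions Windows Vista creates in every profile, so the rule deliberately only looks at SYMBOLIC LINK entries with binary names.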

#9 Harvestsmiles
  • Topic Starter

  • Members
  • 22 posts
  • Local time:05:38 PM

Posted 16 November 2013 - 12:53 PM

I did those steps and have the log:

 

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: C:\Users

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

 

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

 

Failed to open \\?\c:\\System Volume Information: Access is denied.

...
    
...\\?\c:\\Program Files\Windows Defender\en-US: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpEvMsg.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSoftEx.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Cookies: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Local Settings: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\My Documents: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Documents
   Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\NetHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\PrintHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Recent: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\SendTo: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Start Menu: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Templates: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\History: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

    
\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Music: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Music
   Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Pictures: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Pictures
   Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Videos: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Videos
   Substitute Name: C:\Windows\system32\config\systemprofile\Videos

...
    
\\?\c:\\ProgramData\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
   Print Name     : C:\Users\Public\Documents
   Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
   Print Name     : C:\Users\Public\Favorites
   Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Start Menu
   Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Templates
   Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\496eb4627a3cd26c7a06c6ebbfea99dd_29ca7291-e20b-45a9-84ff-151989fd882c: Access is denied.

.
    
..
Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.

 

Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

.
    
...
    
\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
   Print Name     : C:\Users\Default
   Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
   Print Name     : C:\Users\Public\Documents
   Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
   Print Name     : C:\Users\Public\Favorites
   Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Start Menu
   Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Templates
   Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.
Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\496eb4627a3cd26c7a06c6ebbfea99dd_29ca7291-e20b-45a9-84ff-151989fd882c: Access is denied.

..
    
..
Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.

 

Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

.
    
...
    
...\\?\c:\\Users\Default\Application Data: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming
   Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local
   Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
   Print Name     : C:\Users\Default\Documents
   Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local
   Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Default\Music
   Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Default\Pictures
   Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Default\Videos
   Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Monkey\Application Data: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming
   Substitute Name: C:\Users\Monkey\AppData\Roaming

\\?\c:\\Users\Monkey\Cookies: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Monkey\Local Settings: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local
   Substitute Name: C:\Users\Monkey\AppData\Local

\\?\c:\\Users\Monkey\My Documents: JUNCTION
   Print Name     : C:\Users\Monkey\Documents
   Substitute Name: C:\Users\Monkey\Documents

\\?\c:\\Users\Monkey\NetHood: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Monkey\PrintHood: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Monkey\Recent: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Monkey\SendTo: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Monkey\Start Menu: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Monkey\Templates: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Monkey\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local
   Substitute Name: C:\Users\Monkey\AppData\Local

\\?\c:\\Users\Monkey\AppData\Local\History: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Users\Monkey\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Monkey\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Users\Monkey\AppData\Local\Microsoft\Windows\Temporary Internet Files

    
...
    
.\\?\c:\\Users\Monkey\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Monkey\Music
   Substitute Name: C:\Users\Monkey\Music

\\?\c:\\Users\Monkey\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Monkey\Pictures
   Substitute Name: C:\Users\Monkey\Pictures

\\?\c:\\Users\Monkey\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Monkey\Videos
   Substitute Name: C:\Users\Monkey\Videos

..
    
...
    
.\\?\c:\\Users\Public\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Public\Music
   Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Public\Pictures
   Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Public\Videos
   Substitute Name: C:\Users\Public\Videos

..
    
...
    
...\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\System32\config\systemprofile\Local Settings: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Documents
   Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

    
.\\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Music
   Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Pictures
   Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Videos
   Substitute Name: C:\Windows\system32\config\systemprofile\Videos

..
    
...
    

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.

...
    
..\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config




#10 Harvestsmiles (Topic Starter)

Posted 17 November 2013 - 11:27 AM

I read over my last post this morning and saw the error at the top "The process cannot access the file because it is being used by another process"

I thought maybe I double-clicked too many times and the Junction program got confused, so I ran the Junction program again and got different information in the log.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: C:\Users

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.

\\?\c:\\Program Files\Windows Defender\en-US: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpEvMsg.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSoftEx.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Cookies: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Local Settings: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\My Documents: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Documents
   Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\NetHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\PrintHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Recent: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\SendTo: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Start Menu: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Templates: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\History: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Music: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Music
   Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Pictures: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Pictures
   Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Documents\My Videos: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Videos
   Substitute Name: C:\Windows\system32\config\systemprofile\Videos

\\?\c:\\ProgramData\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
   Print Name     : C:\Users\Public\Documents
   Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
   Print Name     : C:\Users\Public\Favorites
   Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Start Menu
   Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Templates
   Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\496eb4627a3cd26c7a06c6ebbfea99dd_29ca7291-e20b-45a9-84ff-151989fd882c: Access is denied.
Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.
Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
   Print Name     : C:\Users\Default
   Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
   Print Name     : C:\Users\Public\Documents
   Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
   Print Name     : C:\Users\Public\Favorites
   Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Start Menu
   Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Templates
   Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\496eb4627a3cd26c7a06c6ebbfea99dd_29ca7291-e20b-45a9-84ff-151989fd882c: Access is denied.
Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.
Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

\\?\c:\\Users\Default\Application Data: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming
   Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local
   Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
   Print Name     : C:\Users\Default\Documents
   Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
   Print Name     : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local
   Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Default\Music
   Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Default\Pictures
   Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Default\Videos
   Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Monkey\Application Data: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming
   Substitute Name: C:\Users\Monkey\AppData\Roaming

\\?\c:\\Users\Monkey\Cookies: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Monkey\Local Settings: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local
   Substitute Name: C:\Users\Monkey\AppData\Local

\\?\c:\\Users\Monkey\My Documents: JUNCTION
   Print Name     : C:\Users\Monkey\Documents
   Substitute Name: C:\Users\Monkey\Documents

\\?\c:\\Users\Monkey\NetHood: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Monkey\PrintHood: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Monkey\Recent: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Monkey\SendTo: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Monkey\Start Menu: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Monkey\Templates: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Users\Monkey\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Monkey\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local
   Substitute Name: C:\Users\Monkey\AppData\Local

\\?\c:\\Users\Monkey\AppData\Local\History: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Users\Monkey\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Monkey\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Users\Monkey\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Users\Monkey\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Monkey\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Monkey\Music
   Substitute Name: C:\Users\Monkey\Music

\\?\c:\\Users\Monkey\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Monkey\Pictures
   Substitute Name: C:\Users\Monkey\Pictures

\\?\c:\\Users\Monkey\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Monkey\Videos
   Substitute Name: C:\Users\Monkey\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Public\Music
   Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Public\Pictures
   Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Public\Videos
   Substitute Name: C:\Users\Public\Videos

\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\System32\config\systemprofile\Local Settings: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Documents
   Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Music
   Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Pictures
   Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Videos
   Substitute Name: C:\Windows\system32\config\systemprofile\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

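The two Junction runs (this post and the one before it) show the same picture. Under C:\Program Files\Windows Defender, and in the matching winsxs component directories, the en-US directory and every Defender binary (MpSvc.dll, MSASCui.exe, MpCmdRun.exe and the rest) report as SYMBOLIC LINK with substitute name \systemroot\system32\config, the registry hive directory, so those program files no longer exist as files. The en-US\systemprofile\... JUNCTION entries are not further links: they are the ordinary systemprofile junctions, listed only because the walker followed the hijacked en-US link into config. Everything else in the log (Application Data, Cookies, My Documents, Users\All Users, Documents and Settings) is a stock Vista compatibility junction. The script below is an added example, not the poster's, the forum's or Sysinternals' code: it parses a Junction log, bins the entries into hijacked, shadowed and stock, and derives the directories a cleanup would have to walk. SUSPICIOUS_TARGETS and BINARY_EXT are this example's own heuristics, and SAMPLE_LOG is a few lines copied from the output above.

```python
"""Triage a Sysinternals Junction log (junction.exe -s output).

Added example for this thread, not the forum's, the poster's or Sysinternals'
code.  Bins: 'hijacked' (a program file that is now a reparse point, or any
link into the registry hive directory), 'shadowed' (normal junctions listed
only because the walker followed a hijacked directory link) and 'stock'.
SUSPICIOUS_TARGETS and BINARY_EXT are assumptions of this example.
"""
import re
from dataclasses import dataclass

SUSPICIOUS_TARGETS = {r"\systemroot\system32\config", r"c:\windows\system32\config"}
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx")

# Leading dots are tolerated: the forum's collapsed view glued "..." onto lines.
ENTRY_RE = re.compile(r"^\.*\\\\\?\\(?P<path>.+?): (?P<kind>JUNCTION|SYMBOLIC LINK)\s*$")
FIELD_RE = re.compile(r"^\s*(?P<name>Print Name|Substitute Name)\s*:\s*(?P<value>.*?)\s*$")
FAILED_RE = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+?)\s*$")

@dataclass
class Entry:
    path: str              # the reparse point itself
    kind: str              # "JUNCTION" or "SYMBOLIC LINK"
    print_name: str = ""
    substitute_name: str = ""

def _norm(p: str) -> str:
    """Lower-case, collapse the doubled separators Junction prints, drop the
    NT \\??\\ prefix and any trailing separator so paths compare as strings."""
    p = p.strip().lower().replace("\\\\", "\\")
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.rstrip("\\")

def parse(log_text: str):
    """Return (entries, failed_opens) from raw Junction output."""
    entries, failed, cur = [], [], None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := ENTRY_RE.match(line):
            cur = Entry(_norm(m["path"]), m["kind"])
            entries.append(cur)
        elif m := FAILED_RE.match(line):
            failed.append((_norm(m["path"]), m["reason"]))
            cur = None
        elif (m := FIELD_RE.match(line)) and cur is not None:
            if m["name"] == "Print Name":
                cur.print_name = _norm(m["value"])
            else:
                cur.substitute_name = _norm(m["value"])
    return entries, failed

def classify(e: Entry) -> str:
    target = e.substitute_name or e.print_name
    if target in SUSPICIOUS_TARGETS or e.path.endswith(BINARY_EXT):
        return "hijacked"
    return "stock"

def triage(log_text: str) -> dict:
    """Bin every entry; stock junctions below a hijacked directory link are
    demoted to 'shadowed' so they do not drown out the real findings."""
    entries, failed = parse(log_text)
    verdict = [classify(e) for e in entries]
    hijacked_dirs = [e.path for e, v in zip(entries, verdict)
                     if v == "hijacked" and not e.path.endswith(BINARY_EXT)]
    report = {"hijacked": [], "shadowed": [], "stock": [], "failed": failed}
    for e, v in zip(entries, verdict):
        if v == "stock" and any(e.path.startswith(d + "\\") for d in hijacked_dirs):
            v = "shadowed"
        report[v].append((e.path, e.kind, e.substitute_name or e.print_name))
    return report

def hijacked_directories(report: dict) -> list:
    """Parent directories of the hijacked entries: what a cleanup has to walk."""
    return sorted({path.rsplit("\\", 1)[0] for path, _k, _t in report["hijacked"]})

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

...\\?\c:\\Program Files\Windows Defender\en-US: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpSvc.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\en-US\systemprofile\Application Data: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\AppData\Roaming
   Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for bin_name in ("hijacked", "shadowed", "stock"):
        for path, kind, target in rep[bin_name]:
            print(f"{bin_name:9} {kind:13} {path} -> {target}")
    print("directories to clean:", hijacked_directories(rep))
```

Saved under any name and run directly, it prints the bins for the sample; for a real run, pass the saved log text to triage() and look only at the hijacked bin and hijacked_directories(). On the full log above that reduces several hundred lines to a handful of directories, the same ones a cleanup has to be pointed at.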


#11 Harvestsmiles (Topic Starter)

Posted 17 November 2013 - 11:29 AM

Never mind, it looks the same. It just looked different in Notepad.



#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 November 2013 - 12:02 PM

Hello Harvestsmiles



I need you to download this script I have made for you --> Attached File: fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Harvestsmiles

Posted 18 November 2013 - 09:15 PM

When I opened the FRST program, the "Fix" button looked pressed in and read "Fixing...". A few seconds later a small window opened that said a fixlog had been created. It reads:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by Monkey at 2013-11-16 05:56:09 Run:3
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Windows\assembly\GAC\Desktop.ini
C:\Users\Monkey\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe
C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll
C:\Users\Monkey\AppData\Local\Temp\lowproc.exe
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe
C:\Users\Monkey\AppData\Local\Temp\stubhelper.dll
C:\Users\Monkey\AppData\Local\Temp\SymLCSVC.EXE
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Could not move "C:\Windows\assembly\GAC\Desktop.ini" => Scheduled to move on reboot.
"C:\Users\Monkey\AppData\Local\Google\Desktop\Install" => File/Directory not found.

"C:\Program Files\Google\Desktop\Install" directory move:

Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

"C:\Users\Monkey\AppData\Local\Temp\HitmanPro.exe" => File/Directory not found.
"C:\Users\Monkey\AppData\Local\Temp\htmlayout.dll" => File/Directory not found.
"C:\Users\Monkey\AppData\Local\Temp\lowproc.exe" => File/Directory not found.
C:\Users\Monkey\AppData\Local\Temp\ose00001.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC\Desktop.ini => Is moved successfully.
C:\Program Files\Google\Desktop\Install => Deleted successfully.

==== End of Fixlog ====

I closed and reopened the FRST program and the Fix button was available to press. I pressed it and got a different fixlog. It reads:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by Monkey at 2013-11-18 19:08:32 Run:4
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MSASCui.exe"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpAsDesc.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpClient.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCmdRun.exe"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpEvMsg.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpOAV.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRtMon.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRtPlug.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSigDwn.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSoftEx.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSvc.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpCom.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpLics.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpRes.dll"
cmd: fsutil reparsepoint delete "c:\Program Files\Windows Defender\en-US"

*****************

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MSASCui.exe" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpAsDesc.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpClient.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpCmdRun.exe" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpEvMsg.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpOAV.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRtMon.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpRtPlug.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSigDwn.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSoftEx.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MpSvc.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpCom.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpLics.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\MsMpRes.dll" =========

========= End of CMD: =========

=========  fsutil reparsepoint delete "c:\Program Files\Windows Defender\en-US" =========

========= End of CMD: =========

==== End of Fixlog ====

Hope this helps in getting to the bottom of this bug.

Thanks,

Kevin
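Added example, not code from the thread or from FRST: a small Python helper that parses a reparse-point listing in the shape posted earlier in this thread, flags links that match the pattern seen here (Windows Defender binaries that are really symbolic links into system32\config), and emits the same `cmd: fsutil reparsepoint delete` lines gringo's fixlist used. The listing below is constructed, and PLACEHOLDER stands in for the real winsxs component name.

```python
# Constructed sample (not from the thread), shaped like the listing posted earlier; PLACEHOLDER stands in for the winsxs component name.
SAMPLE_LISTING = r"""
\\?\c:\\Windows\winsxs\x86_windows-defender_PLACEHOLDER\MsMpLics.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Windows\winsxs\x86_windows-defender_PLACEHOLDER\MsMpRes.dll: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

\\?\c:\\Users\Monkey\Music: SYMBOLIC LINK
   Print Name     : c:\users\monkey\music
   Substitute Name: \??\c:\users\monkey\music
"""
LINK_SUFFIX = ": SYMBOLIC LINK"
EXEC_EXTS = (".dll", ".exe", ".sys")

def parse_listing(text):
    """Return one {'path', 'print', 'substitute'} dict per link entry in the listing."""
    entries, current = [], None
    for line in (row.strip() for row in text.splitlines()):
        if line.endswith(LINK_SUFFIX):
            current = {"path": line[:-len(LINK_SUFFIX)], "print": "", "substitute": ""}
            entries.append(current)
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)  # split once: the value itself contains "c:"
            key = key.strip().lower().replace(" name", "")
            if key in current:
                current[key] = value.strip()
    return entries

def normalize_path(path):
    # Drop the \\?\ prefix and collapse doubled separators so the path is usable in a command.
    if path.startswith("\\\\?\\"):
        path = path[4:]
    while "\\\\" in path:
        path = path.replace("\\\\", "\\")
    return path

def is_suspicious(entry):
    # Suspect: the link resolves into system32\config (no program binary should),
    # or it is named like an executable but does not resolve to a file of that type.
    target = entry["substitute"].lower().rstrip("\\")
    name = normalize_path(entry["path"]).rsplit("\\", 1)[-1].lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return target.endswith("\\system32\\config") or (ext in EXEC_EXTS and not target.endswith(ext))

def fixlist_lines(entries):
    """FRST-style fixlist lines, one 'cmd: fsutil reparsepoint delete' per flagged link."""
    return ['cmd: fsutil reparsepoint delete "%s"' % normalize_path(e["path"]) for e in entries]
```

Deleting a reparse point removes only the bogus link; the genuine file it displaced still has to be restored separately before Defender will work again.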



#14 gringo_pr

Malware Response Team

Posted 18 November 2013 - 09:44 PM

Hello Kevin

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit.
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe.
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
   • Internet access
   • Windows Update
   • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit.
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.


When you are complete, please send me both reports.

Gringo

#15 Harvestsmiles

Posted 18 November 2013 - 10:38 PM

(Still cannot download onto the laptop directly, so using our PC I downloaded to a thumb drive, then copied/pasted to the desktop.)

Downloaded and ran Malwarebytes. Finished and said:

Congratulations, No cleanup required!

Scan Finished. No Malware Found

Internet still working.

Cannot access Windows Update or Firewall programs.

Windows Update gives error:

"Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer."

Firewall gives error:

"Due to an unidentified problem, Windows cannot display Windows Firewall settings."

So it doesn't look like anything changed. Should I move forward and run RogueKiller or do something else?





