djmonsta Posted November 7, 2011 ID:492523

Hi. I suspect I have a Master Boot Record virus / malware. I have run a FULL Malwarebytes scan to no avail. Every so often my laptop will emit a sound that I can only describe as radio / TV (I can hear adverts and song clips). Nothing in Task Manager seems to identify anything. Also Google searches redirect to 'Budget Match' and also Google Instant is no longer working?

Here are my logs as requested: DDS.TXT and ATTACH.TXT.
{DD522ACC-F821-461A-A407-50B198B896DC}04/11/2011 15:09:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb discache ElbyCDIO spldr sptd ssmdrv Wanarpv604/11/2011 15:08:37, Error: sptd [4] - Driver detected an internal error in its data structures for .04/11/2011 15:05:54, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.04/11/2011 15:05:54, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists..==== End Of File ===========================Thank you in advance for your help. Link to post Share on other sites More sharing options...
Elise Posted November 8, 2011 ID:492624

Hello, and I see no evidence of an MBR rootkit, but let's do an additional scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
djmonsta Posted November 8, 2011 Author ID:492663
ok15:02:59.0591 4568 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys15:02:59.0594 4568 uliagpkx - ok15:02:59.0735 4568 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys15:02:59.0738 4568 umbus - ok15:02:59.0769 4568 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys15:02:59.0771 4568 UmPass - ok15:02:59.0898 4568 upperdev - ok15:02:59.0942 4568 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys15:02:59.0945 4568 USBAAPL - ok15:02:59.0983 4568 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys15:02:59.0986 4568 usbccgp - ok15:03:00.0113 4568 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys15:03:00.0117 4568 usbcir - ok15:03:00.0174 4568 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys15:03:00.0177 4568 usbehci - ok15:03:00.0323 4568 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys15:03:00.0327 4568 usbhub - ok15:03:00.0370 4568 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys15:03:00.0373 4568 usbohci - ok15:03:00.0547 4568 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys15:03:00.0550 4568 usbprint - ok15:03:00.0598 4568 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys15:03:00.0601 4568 usbscan - ok15:03:00.0641 4568 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS15:03:00.0644 4568 USBSTOR - ok15:03:00.0769 4568 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys15:03:00.0772 4568 usbuhci - ok15:03:00.0901 4568 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys15:03:00.0905 4568 usbvideo - ok15:03:00.0947 4568 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS15:03:00.0949 4568 
UVCFTR - ok15:03:01.0088 4568 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys15:03:01.0090 4568 VClone - ok15:03:01.0140 4568 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys15:03:01.0142 4568 vdrvroot - ok15:03:01.0255 4568 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys15:03:01.0258 4568 vga - ok15:03:01.0313 4568 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys15:03:01.0315 4568 VgaSave - ok15:03:01.0345 4568 VGPU - ok15:03:01.0395 4568 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys15:03:01.0399 4568 vhdmp - ok15:03:01.0496 4568 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys15:03:01.0499 4568 viaagp - ok15:03:01.0545 4568 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys15:03:01.0548 4568 ViaC7 - ok15:03:01.0599 4568 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys15:03:01.0601 4568 viaide - ok15:03:01.0707 4568 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys15:03:01.0711 4568 vmbus - ok15:03:01.0760 4568 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys15:03:01.0762 4568 VMBusHID - ok15:03:01.0900 4568 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys15:03:01.0903 4568 volmgr - ok15:03:01.0956 4568 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys15:03:01.0963 4568 volmgrx - ok15:03:02.0091 4568 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys15:03:02.0096 4568 volsnap - ok15:03:02.0233 4568 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys15:03:02.0237 4568 vsmraid - ok15:03:02.0270 4568 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys15:03:02.0272 4568 vwifibus - ok15:03:02.0416 
4568 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys15:03:02.0419 4568 VWiFiFlt - ok15:03:02.0470 4568 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys15:03:02.0473 4568 vwifimp - ok15:03:02.0587 4568 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys15:03:02.0589 4568 WacomPen - ok15:03:02.0652 4568 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys15:03:02.0654 4568 WANARP - ok15:03:02.0663 4568 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys15:03:02.0665 4568 Wanarpv6 - ok15:03:02.0800 4568 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys15:03:02.0802 4568 Wd - ok15:03:02.0837 4568 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys15:03:02.0846 4568 Wdf01000 - ok15:03:03.0008 4568 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys15:03:03.0010 4568 WfpLwf - ok15:03:03.0033 4568 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys15:03:03.0035 4568 WIMMount - ok15:03:03.0149 4568 WinRing0_1_2_0 - ok15:03:03.0314 4568 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys15:03:03.0317 4568 WinUsb - ok15:03:03.0469 4568 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys15:03:03.0471 4568 WmiAcpi - ok15:03:03.0622 4568 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys15:03:03.0624 4568 ws2ifsl - ok15:03:03.0695 4568 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys15:03:03.0698 4568 WudfPf - ok15:03:03.0812 4568 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys15:03:03.0827 4568 WUDFRd - ok15:03:03.0907 4568 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR015:03:03.0907 4568 \Device\Harddisk0\DR0 ( 
Rootkit.Boot.SST.a ) - infected15:03:03.0908 4568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)15:03:03.0923 4568 Boot (0x1200) (e63bd2af8a05c9e94a718ffc32442b21) \Device\Harddisk0\DR0\Partition015:03:03.0925 4568 \Device\Harddisk0\DR0\Partition0 - ok15:03:03.0949 4568 Boot (0x1200) (a834c69d7f38207e1f59fd4f287b058c) \Device\Harddisk0\DR0\Partition115:03:03.0950 4568 \Device\Harddisk0\DR0\Partition1 - ok15:03:03.0950 4568 ============================================================15:03:03.0950 4568 Scan finished15:03:03.0950 4568 ============================================================15:03:03.0971 3420 Detected object count: 215:03:03.0971 3420 Actual detected object count: 215:03:56.0166 3420 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine15:03:56.0169 3420 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 15:03:56.0235 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot15:03:56.0236 3420 \Device\Harddisk0\DR0 - ok15:03:56.0313 3420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure 15:04:03.0070 7484 Deinitialize success Link to post Share on other sites More sharing options...

Elise Posted November 8, 2011 ID:492665

That was indeed an MBR infection. Although it is gone now, please read the following information.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

djmonsta Posted November 8, 2011 Author ID:492682

ComboFix 11-11-08.02 - Adam Harrison 08/11/2011 15:37:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1916.994 [GMT 0:00]
Running from: c:\users\Adam Harrison\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
(TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-04-21 116104]S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-04-22 12904]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-04-24 347648]S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]..--- Other Services/Drivers In Memory ---.*Deregistered* - AvgTdiX.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.Contents of the 'Scheduled Tasks' folder.2011-11-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2521185255-1154176558-516416412-1000Core.job- c:\users\Adam Harrison\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 08:16].2011-11-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2521185255-1154176558-516416412-1000UA.job- c:\users\Adam Harrison\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 08:16].2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:38].2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:38].2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2521185255-1154176558-516416412-1000Core.job- c:\users\Adam Harrison\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 00:38].2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2521185255-1154176558-516416412-1000UA.job- c:\users\Adam Harrison\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 00:38]..------- Supplementary Scan -------.uStart 
Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEAuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlTrusted Zone: google.com\wwwTCP: DhcpNameServer = 194.168.4.100 194.168.8.100TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 194.168.4.100 194.168.8.100..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]"ImagePath"="\??\c:\windows\system32\537C.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\Avira\AntiVir Desktop\avguard.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exec:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exec:\program files\TOSHIBA\TOSHIBA DVD 
PLAYER\TNaviSrv.exec:\windows\system32\TODDSrv.exec:\program files\TOSHIBA\Power Saver\TosCoSrv.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\program files\Avira\AntiVir Desktop\avshadow.exec:\windows\system32\conhost.exec:\program files\Windows Media Player\wmpnetwk.exec:\windows\system32\taskhost.exec:\windows\system32\conhost.exec:\windows\RtHDVCpl.exec:\program files\Synaptics\SynTP\SynTPHelper.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\igfxext.exec:\windows\system32\igfxsrvc.exec:\windows\system32\DllHost.exe.**************************************************************************.Completion time: 2011-11-08 16:05:30 - machine was rebootedComboFix-quarantined-files.txt 2011-11-08 16:05.Pre-Run: 26,169,384,960 bytes freePost-Run: 26,485,862,400 bytes free.- - End Of File - - CAA180E7DB4075741EBE5587080BCC15 Link to post Share on other sites More sharing options...
Elise Posted November 8, 2011 ID:492688

Hi again, how are things running now?

We need to scan the system with this special tool:

* Please download and save: Junction.zip
* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.
djmonsta Posted November 8, 2011 Author ID:492690

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: C:\Users

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

\\?\c:\\ProgramData\Application Data: JUNCTION
   Print Name     : C:\ProgramData
   Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
   Print Name     : C:\Users\Public\Desktop
   Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
   Print Name     : C:\Users\Public\Documents
   Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
   Print Name     : C:\Users\Public\Favorites
   Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Start Menu
   Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
   Print Name     : C:\ProgramData\Microsoft\Windows\Templates
   Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

\\?\c:\\Qoobox\Quarantine\C\Windows\$NtUninstallKB55994$\3394409595.vir: SYMBOLIC LINK
   Print Name     : c:\windows\system32\config
   Substitute Name: \systemroot\system32\config

Failed to open \\?\c:\\System Volume Information\{1e34d980-0a1b-11e1-b1ec-001e33688c66}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.
Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.
Failed to open \\?\c:\\System Volume Information\{a5503a92-07ec-11e1-b638-001e33688c66}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
   Print Name     : C:\Users\Default
   Substitute Name: C:\Users\Default

\\?\c:\\Users\Adam Harrison\Application Data: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming

\\?\c:\\Users\Adam Harrison\Cookies: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Cookies
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Adam Harrison\Local Settings: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Local
   Substitute Name: C:\Users\Adam Harrison\AppData\Local

\\?\c:\\Users\Adam Harrison\My Documents: JUNCTION
   Print Name     : C:\Users\Adam Harrison\Documents
   Substitute Name: C:\Users\Adam Harrison\Documents

\\?\c:\\Users\Adam Harrison\NetHood: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Network Shortcuts
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Adam Harrison\PrintHood: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Adam Harrison\Recent: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Recent
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Adam Harrison\SendTo: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\SendTo
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Adam Harrison\Start Menu: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Start Menu
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Adam Harrison\Templates: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Templates
   Substitute Name: C:\Users\Adam Harrison\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Adam Harrison\AppData\Local\Application Data: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Local
   Substitute Name: C:\Users\Adam Harrison\AppData\Local

\\?\c:\\Users\Adam Harrison\AppData\Local\History: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Local\Microsoft\Windows\History
   Substitute Name: C:\Users\Adam Harrison\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Adam Harrison\AppData\Local\Temporary Internet Files: JUNCTION
   Print Name     : C:\Users\Adam Harrison\AppData\Local\Microsoft\Windows\Temporary Internet Files
   Substitute Name: C:\Users\Adam Harrison\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Adam Harrison\Documents\My Music: JUNCTION
   Print Name     : C:\Users\Adam Harrison\Music
   Substitute Name: C:\Users\Adam Harrison\Music

\\?\c:\\Users\Adam Harrison\Documents\My Pictures: JUNCTION
   Print Name     : C:\Users\Adam Harrison\Pictures
   Substitute Name: C:\Users\Adam Harrison\Pictures

\\?\c:\\Users\Adam Harrison\Documents\My Videos: JUNCTION
   Print Name     : C:\Users\Adam Harrison\Videos
   Substitute Name: C:\Users\Adam Harrison\Videos

\\?\c:\\Users\Administrator\Application Data: JUNCTION
   Print Name     : C:\Users\Administrator\AppData\Roaming
   Substitute Name: C:\Users\Administrator\AppData\Roaming

\\?\c:\\Users\Administrator\Cookies: JUNCTION Print Name : 
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\\?\c:\\Users\Administrator\Local Settings: JUNCTION Print Name : C:\Users\Administrator\AppData\Local Substitute Name: C:\Users\Administrator\AppData\Local\\?\c:\\Users\Administrator\My Documents: JUNCTION Print Name : C:\Users\Administrator\Documents Substitute Name: C:\Users\Administrator\Documents\\?\c:\\Users\Administrator\NetHood: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\\?\c:\\Users\Administrator\PrintHood: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\\?\c:\\Users\Administrator\Recent: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\\?\c:\\Users\Administrator\SendTo: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\\?\c:\\Users\Administrator\Start Menu: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\\?\c:\\Users\Administrator\Templates: JUNCTION Print Name : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates Substitute Name: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\\?\c:\\Users\Administrator\AppData\Local\Application Data: JUNCTION Print Name : C:\Users\Administrator\AppData\Local Substitute Name: C:\Users\Administrator\AppData\Local\\?\c:\\Users\Administrator\AppData\Local\History: JUNCTION Print Name : 
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History Substitute Name: C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\\?\c:\\Users\Administrator\AppData\Local\Temporary Internet Files: JUNCTION Print Name : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files Substitute Name: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files.\\?\c:\\Users\Administrator\Documents\My Music: JUNCTION Print Name : C:\Users\Administrator\Music Substitute Name: C:\Users\Administrator\Music\\?\c:\\Users\Administrator\Documents\My Pictures: JUNCTION Print Name : C:\Users\Administrator\Pictures Substitute Name: C:\Users\Administrator\Pictures\\?\c:\\Users\Administrator\Documents\My Videos: JUNCTION Print Name : C:\Users\Administrator\Videos Substitute Name: C:\Users\Administrator\Videos\\?\c:\\Users\All Users\Application Data: JUNCTION Print Name : C:\ProgramData Substitute Name: C:\ProgramData\\?\c:\\Users\All Users\Desktop: JUNCTION Print Name : C:\Users\Public\Desktop Substitute Name: C:\Users\Public\Desktop\\?\c:\\Users\All Users\Documents: JUNCTION Print Name : C:\Users\Public\Documents Substitute Name: C:\Users\Public\Documents\\?\c:\\Users\All Users\Favorites: JUNCTION Print Name : C:\Users\Public\Favorites Substitute Name: C:\Users\Public\Favorites\\?\c:\\Users\All Users\Start Menu: JUNCTION Print Name : C:\ProgramData\Microsoft\Windows\Start Menu Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu\\?\c:\\Users\All Users\Templates: JUNCTION Print Name : C:\ProgramData\Microsoft\Windows\Templates Substitute Name: C:\ProgramData\Microsoft\Windows\Templates............Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\00bf61428e79426e1b74b9654842607c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\01a95e4377235f969941bba6d7432c9b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open 
\\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\02d050c081152fbaae9ed93a3c5d40fb_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\033d7a9ca6fb128cda1d6db717f19f3e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07b8759513028ab2b399c616f3b2586d_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\092cfcd1bff8c248f29957fd8b5e965c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0a4c54186b9db5fb704d655696b4d74f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0b118b1791baec2a7c10f794aab99c93_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0cdc16c1baa81a655b7dff8c9dc2974f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0dce44aa2dd08fb349dcdc4b193f9bac_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0dea468a26da60f6aea6348f244ef726_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0ef4f2c3028d85b9e87c7f684e153729_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1128be0ed1f6771075d5aa4430cac451_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\12967dbc5225f2b8e7daf5fa946fc455_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\13bffc363cf9fa6c6a707182c37adc24_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\15b5fcc947c5a45283631d84ca0a6d5b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1608d04568329de2e0510465b2459f48_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\172b49117b5920f349de1266c651fa80_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1a398984d6f3e202dd4b2477cec27ced_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1c8663ad8b91e2e830b73706d2393e1d_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1d7668c2d61669c9a19a99f76e73a396_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1e3cdc0d81f08451e346e7b8e3081a4b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\22f4b727ee5b448d26b32e7b3158f62a_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\26dfa4eb277d8570ce5dcc5b1609a986_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2a99ed3e36a9e2951460419e797fb85f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2afeb2a6a793e84242da9282eff38205_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\2ba0195ba3b6fdbcf64f422274810459_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2c5597273b9df9c8c2f4972e0d549c8a_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2d95c627312f543aab201868ec10ea8e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3042d065666f5f0711fdccc2440ef014_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\363c7f52555be698825a8285322861d1_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\371c818cadb6524e9dfe2777f8c493d8_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\39c52e21ec317377897e8fa17171d81f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\39d54564f78b291fa9389c7fcf56833e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3b846180264e9c55cc8a759265aba70c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\409762b004a3f6db46511e5630d2c8a3_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\412889308cfb87d34670f9c67912417b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\42704e23c9dbc582e90d5cbf287f622f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\4491a4a5c51ecd19cf8443dda114f4ee_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4520ee1d0384078f6eb68c5d69ae2d27_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\48520a622bced2f0832986a8cdb3545f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\49f03e9da4d344e2b47d5bdb42fdd37e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4b471fa4358790f5ce52e203045144c3_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4d775c60c1020408e3f1803fcb386f7f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\52a786d2c1123ce7cb932425ce18c180_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\54f275321feb8cdee40153ccf9a6bb4c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\55f697c71838630a8dbbb02a7769e033_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5a42356b54321249c9b38db352662888_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5aa654b473ed38f68b1600663a8dec6f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5b9204811225b38a6700f673513c4af9_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\5ce4e804d5523227bd2b5c71c3fdca9c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5d888be499c759e418023b14f47df8ab_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5f0928115ba0c5fa4b718f9fb0ac5d04_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5f0a282884113ca562ad91608e7f399a_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\621bed0c4b749afe871f06d22fe55d53_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\677265415034408867835f30973be9fb_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\695e1bb356b91de1331a9a0f73bea3d5_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\69c0ae41973a3e5249633cc9f29b50d9_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6d2c74ede7e4cf7c55759fb281f68e2f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6dca02b9012687cb271f06dec65e1be9_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6f649f0b116887e2d2ee433b56329c60_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6f7c60e442a195392e8306eadf4021c7_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\70301b3cfd7531208dc3a822b5ffa902_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\715471e15a301353db3cd69b2bf5d067_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7366a8ff977bd2f8855665a3d524e0b1_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\742d188f9616c90d41d217185b5c875c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\76af98489fa203f3184aa44be0d00087_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7709b09ed2c30fe0a92fca5bdfc7771b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7b2839c2ebbbdc83c439030170bddc50_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7bb5106b7049c3ce8c00f31e70724e1f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7bdad07de1016e4da973fff9f4e9de12_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7e717e9e34f7c3127ed4f7c0df412fcf_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\80d551533ee4b407cb2cdaba59be2e79_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\80fb92847c5338f1caed96c0b510f737_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\8149c850ac21e475d1bc5b7e4f8dca58_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\84bb2ab9bfc13adff22268eb236494ac_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\84ea8a0d98974b1c2661c121eb8fd0ae_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\855177b01ea93371d16b1687c48491ee_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8a1a5ba35c3333e6fb1aae7c0772df20_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8ab9a971a96d85a108923fdb22d5dafd_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8b376c9a7969884d0915e362b075fd3c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8f12815e3ac269aae66c3d3fc431436c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8f7ac0b3f8734e5fe40acde0ed9fd7ed_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\92a7e4ecc2423b8873504bd9da51b0de_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\93043e81a48b61ec695226d70ea96515_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\947208ee5ae2054da94cbff9f62f4a08_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\9515956d41aef37f0db2041328c59446_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\956379d438299a3d92b5e593154029c7_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\958b20400fc3ba4eff2418b046e95c85_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9e38329b90dd75e55909a8f15f9cbeb2_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a142753ce7eef3fee60c43f0e039a32e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a3c7be10d32c333d1dab9c96b8376c47_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a3ffba4c339b840f15a07862eb282bbb_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a498203b4c21e9bd131909a6547cd79e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a62f451854c11fd04900c57e2b2262f6_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a746e867dd1afde5d4138e596c41a676_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a8d16341119c35c8effec96ef8057383_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\aaa77a485d04bc2b4b212cad92bdd899_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\ab285793c66f106e90c3a4d5d7010133_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\acb4b83beee60f023db25fd5c7765147_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b09d166d502699d9df88aad2e84c035e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b277f6e9b368d9b89515d2fcdd8add3d_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b451b39e755d3d20bac86ed3e30075f3_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b6b07b1f8b7a897d63c1db75a0c8e717_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b905cca73aadded08643927cc492a333_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b98effb9fe04dc2cd6b9c9013b40a657_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b9bc3cf0efd92d550d34bbcc57365402_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bfd9c8fa6a53a81f3c5c1af0662d55c2_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c1d2a560dee4c286577832084b2ff195_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c27af0af0674c7166e1d51dd429bceb6_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\c66d072e6514a4de52487b349e90f59e_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c83133c1b61ddba413283b5121252738_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cbe10f1d0b17b22f4b125c76989d754f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cd4dbd9e893c4929ebe3c32be182ce46_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cf00a0fcacdd5f7adee0e8bb5ab32f28_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d718a923a8d98aef0884c07bb540539c_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d9824e8f03ad4d742823ec68909c825f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\df935b09d249e850b898fdfce1d20af0_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e027c1d3dc9d82785e2e98f9a65fcd5d_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e252c414dd615f9a8a4c56f415c95177_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e28ac773630b91b32683d3ab4c45cad4_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e2a9478341b3527f3c36da8ea7a8555b_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\e4b7a993880dbb6e1f0c0d2145565be5_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e63f2abc6fa0cd762673334800fec82f_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e7b67779ef1cb14f05d254a1b5dcffed_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ef9b21e5bbb55b024ca9260fd82661f4_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f10cf7758470d17d6a22857365e007b7_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f6a8ec7c2d5d6eeaf86a398854eebfdb_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f6b3085fd3e3e509723f549cd984f529_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f76983673bb9ae3a92b37cd4c40f0f1a_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f9e65a1cae0c53ff865f7795520bf6a2_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fb9635f5b9ecc6c0a4d6561ba05e1bf3_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fba4222a95db316e32783e83c3b402a7_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fbe28448496ebdc1059d30350bb422d3_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All 
Users\Microsoft\Crypto\RSA\MachineKeys\fd2662ba3350ca852e495bb08f553c84_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fe54b63e7285e992e9d6cef6d2102944_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ffcd7781a78ecd972d0ed37dfd33ba69_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ffcf18d315a8b73ed2759ff8b2dab586_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied.Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ffff247a8a34a70e7ca24102065434b4_6a9c8f29-6b70-4058-ac03-350d598dd001: Access is denied......\\?\c:\\Users\Default\Application Data: JUNCTION Print Name : C:\Users\Default\AppData\Roaming Substitute Name: C:\Users\Default\AppData\Roaming\\?\c:\\Users\Default\Local Settings: JUNCTION Print Name : C:\Users\Default\AppData\Local Substitute Name: C:\Users\Default\AppData\Local\\?\c:\\Users\Default\My Documents: JUNCTION Print Name : C:\Users\Default\Documents Substitute Name: C:\Users\Default\Documents\\?\c:\\Users\Default\NetHood: JUNCTION Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\\?\c:\\Users\Default\PrintHood: JUNCTION Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\\?\c:\\Users\Default\Recent: JUNCTION Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\\?\c:\\Users\Default\SendTo: JUNCTION Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\\?\c:\\Users\Default\Start Menu: 
JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local
\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History
\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music
\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures
\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos
\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music
\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures
\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos
....
Failed to open \\?\c:\\Windows\CSC\v2.0.6: Access is denied.
..........................................
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{f010c7ba-27c5-11df-b7f4-001e33688c66}.TM.blf: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{f010c7ba-27c5-11df-b7f4-001e33688c66}.TMContainer00000000000000000001.regtrans-ms: Access is denied.
Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{f010c7ba-27c5-11df-b7f4-001e33688c66}.TMContainer00000000000000000002.regtrans-ms: Access is denied.
..................................................................................
Elise Posted November 8, 2011 ID:492698

Hi, that is looking good, any problem left?

P2P WARNING
-------------------
Going over your logs I noticed that you have bitTorrent installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall bitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
- Download the latest version of Adobe Reader Version X and save it to your desktop.
- Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
- Click the download button at the bottom.
- If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
- Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat. If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
- Then from your desktop double-click on Adobe Reader to install the newest version. If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
- When the "Adobe Setup - Welcome" window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Download the latest version of Java Runtime Environment (JRE) Version 7u1.
- Look for "JDK 7u1 (JDK or JRE)".
- Click the "Download JRE" button at the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
- Save it to your desktop.
- Close any programs you may have running - especially your web browser.
- Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
- Reboot your computer once all Java components are removed.
- Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Finally, please launch MBAM, update it and run a full scan. Post me the resulting log.
djmonsta Posted November 8, 2011 Author ID:492762

Seems to be getting there, Google Instant is now working, the laptop and internet are quicker and I haven't experienced a 'redirect' or 'random background music' yet. However, as you will see below, MBAM found 2 new threats that it hadn't found before. Could the removed Malware have been hiding these?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8084
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
08/11/2011 20:49:51
mbam-log-2011-11-08 (20-49-51).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 382969
Time elapsed: 1 hour(s), 52 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\adam harrison\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52\1543dfb4-4f6e1461 (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\32\44e6d4e0-295db4f6 (Trojan.Agent) -> Quarantined and deleted successfully.
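One way to triage an MBAM log like the one in the post above, as an added example that is not part of the thread or of Malwarebytes' tooling: it extracts the per-category counts and each file detection, then reports whether every hit sits in the Java deployment cache and whether any memory or registry category was non-zero. The function name, the returned field names and the line-per-entry layout of the sample are assumptions made for this illustration.

```python
import re

# Constructed input: lines taken from the log in the post above, one entry per line.
SAMPLE_LOG = r"""Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Files Infected:
c:\Users\adam harrison\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52\1543dfb4-4f6e1461 (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\32\44e6d4e0-295db4f6 (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<Category> Infected: <n>" summary lines.
COUNT = re.compile(r"^(?P<kind>[A-Za-z ]+) Infected: (?P<n>\d+)$")
# "<path> (<detection name>) -> <action>." The greedy path match backtracks to the
# last " (name) -> " on the line, so folder names containing parentheses still parse.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def triage(log_text):
    """Summarise an MBAM text log (hypothetical helper for this example)."""
    counts, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = COUNT.match(line)
        if m:
            counts[m.group("kind")] = int(m.group("n"))
            continue
        m = ENTRY.match(line)
        if m:
            d = m.groupdict()
            d["in_java_cache"] = JAVA_CACHE in d["path"].lower()
            detections.append(d)
    # Non-zero memory or registry categories mean something loaded or persisted was flagged.
    active = sum(n for kind, n in counts.items() if kind not in ("Files", "Folders"))
    return {
        "counts": counts,
        "detections": detections,
        "active_hits": active,
        "only_java_cache": bool(detections) and all(d["in_java_cache"] for d in detections),
    }
```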
Elise Posted November 9, 2011 ID:492905

No worries, MBAM only found two Java cache objects.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
djmonsta Posted November 9, 2011 Author ID:493105

Only 1 threat found, although I wouldn't really class it as a threat but a tool I've used for years...

C:\Users\Adam Harrison\Desktop\WirelessKeyView.exe a variant of Win32/WirelessKeyView.A application cleaned by deleting - quarantined
Elise Posted November 10, 2011 ID:493259

Yes, it was deleted more as being a potentially unwanted program, not directly malware.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
- Delete the tools used during the disinfection: Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:
- Install and update the following programs regularly:
  - an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall. A comprehensive tutorial and a list of possible firewalls can be found here.
  - an AntiVirus Software. It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  - an Anti-Spyware program. Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  - Spyware Blaster. A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
- Keep Windows (and your other Microsoft software) up to date! I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
- Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
- Stay up to date! The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:
- Miekies' prevention suggestions
- So How did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: See which updates have been released.
- How to backup your Data with Cobian Backup: because you never know when your hard disk might fail
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
- osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
djmonsta Posted November 10, 2011 Author ID:493383

Thank you Elise, I have read the above and bookmarked some of the pages. Everything seems to be working fine now.

Thanks again for your help.
Elise Posted November 11, 2011 ID:493558

You are most welcome! I will request this topic to be closed.
LDTate Posted November 11, 2011 ID:493612

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!