gothicpanda

Virus MBAM won't open or delete & IE won't open

28 posts in this topic

I am having a problem with my computer. IE will not open or let me connect to the internet. I can receive emails and get updates from programs like Adobe Flash. I tried to install Malwarebytes, but I receive a CreateFile Error Code 80. I tried to delete the previous version but the file folders were still left. I cannot delete those and I think that is what is causing the error. I am pretty sure I have a virus that is not allowing this. I have Microsoft Security Essentials running and the scan picked up nothing. I used HijackThis to form a log, attached below. Then I found another post listing the procedure, which I started. Once I got to the part of running GMER Rootkit Scanner, it scanned, and halfway through my computer restarted, so I was not able to continue. I attached all the logs I was able to get.

attach.zip


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Thank you for taking the time to help me! I really appreciate it. I am pretty sure that there is a virus on the computer. Malwarebytes refused to open and I realized that its files were missing. I tried reinstalling it and I could not. mbamext.dll is blocking full deletion and I also have two Malwarebytes folders in my Program Files folder. The other one, when I try to open it, says Access Denied. During reinstallation I get an ErrorCode 80 message. Internet Explorer also refuses to start up but the internet works. Firefox does connect to the internet, which I am currently using.

OTL logfile created on: 11/18/2010 5:51:40 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jennifer.scheu\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.77 Gb Total Space | 53.28 Gb Free Space | 76.36% Space Free | Partition Type: NTFS

Computer Name: JENNIFERPC | User Name: Jennifer.Scheu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe

PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\firefox.exe

PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/09/14 13:06:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/09/12 19:38:32 | 000,339,968 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe

PRC - [2006/06/28 18:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe

PRC - [2006/04/18 20:54:50 | 000,049,152 | ---- | M] ( ) -- C:\WINDOWS\system32\SysMonitor.exe

PRC - [2004/08/11 01:22:40 | 000,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

========== Modules (SafeList) ==========

MOD - [2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe

MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\KGCServ\remotecontrol\winvnc.exe -- (winvnc)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)

SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

SRV - [2006/09/14 13:06:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

SRV - [2006/06/28 18:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008/08/28 17:32:30 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/02/15 05:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/12/10 16:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)

DRV - [2007/12/10 16:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)

DRV - [2007/12/10 16:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)

DRV - [2006/11/07 03:35:00 | 000,047,488 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)

DRV - [2006/08/27 20:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)

DRV - [2006/06/08 18:54:24 | 000,017,664 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)

DRV - [2006/06/06 19:36:30 | 000,090,112 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.coveny.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=veriton_m460

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.coveny.com

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z006&form=ZGAPHP

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsearch.com/index.jhtml?n=...MU28qOlq5uj_m5Q

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"

FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="

FF - prefs.js..browser.search.order.1: "Fast Browser Search"

FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={980235C4-5205-BE07-A40B-38E7E3912833}&q="

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\components [2010/11/15 20:41:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\plugins [2010/11/15 20:41:53 | 000,000,000 | ---D | M]

[2009/06/15 13:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Extensions

[2010/11/16 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions

[2010/11/16 21:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/07/17 12:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

[2010/10/07 12:41:54 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\bing-zugo.xml

[2010/08/17 12:52:31 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\inbox-search.xml

[2010/06/17 11:35:38 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\mywebsearch.xml

O1 HOSTS File: ([2009/05/14 11:53:29 | 000,306,127 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 70.89.213.203 ocsinventory-ng

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 10540 more lines...

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )

O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1

O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %windir%\Resources\Themes\Luna\luna.msstyles (Microsoft)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PRESTIGE.COVENY.COM

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\covenylogo.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\covenylogo.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/28 16:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 17:50:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe

[2010/11/16 22:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Application Data\WinRAR

[2010/11/16 22:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/11/16 22:24:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/11/16 21:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/11/15 20:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox

[2010/11/15 19:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Application Data\Auslogics

[2010/11/15 19:51:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer.scheu\Recent

[2010/11/15 19:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2010/11/15 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes

[2010/11/15 19:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/11/15 19:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/11/09 16:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/09 16:50:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2010/11/09 16:50:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2009/05/12 14:26:30 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\INTEROP.IWSHRUNTIMELIBRARY.DLL

[2006/05/25 19:18:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe

[2010/11/18 17:49:39 | 000,020,480 | ---- | M] () -- C:\EasyShare.me

[2010/11/18 17:49:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 17:49:16 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/18 17:46:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 22:35:19 | 000,011,966 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\attach.zip

[2010/11/16 22:34:37 | 001,438,216 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\wrar40b1.exe

[2010/11/16 22:18:25 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\s5tchcrv.exe

[2010/11/16 22:14:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\dds.scr

[2010/11/16 22:14:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\defogger_reenable

[2010/11/16 22:11:59 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\Defogger.exe

[2010/11/16 21:57:00 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\HiJackThis.lnk

[2010/11/15 20:43:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/15 20:41:55 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/15 20:41:55 | 000,002,166 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/11 03:01:13 | 000,522,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/11 03:01:13 | 000,096,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/10 13:28:06 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ShowingDesk Web Edition.lnk

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 22:35:19 | 000,011,966 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\attach.zip

[2010/11/16 22:34:37 | 001,438,216 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\wrar40b1.exe

[2010/11/16 22:18:25 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\s5tchcrv.exe

[2010/11/16 22:14:35 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\dds.scr

[2010/11/16 22:14:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\defogger_reenable

[2010/11/16 22:11:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\Defogger.exe

[2010/11/16 21:56:56 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\HiJackThis.lnk

[2010/11/15 20:41:55 | 000,002,184 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/15 20:41:55 | 000,002,166 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/19 11:38:23 | 000,775,696 | ---- | C] () -- C:\Program Files\Uninstall Fun Web Products.dll

[2010/05/27 10:22:32 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/11 10:15:56 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft Excel.ADR

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 13:53:03 | 000,000,353 | ---- | C] () -- C:\WINDOWS\CAPTURE1.INI

[2009/05/21 10:53:03 | 000,000,175 | ---- | C] () -- C:\WINDOWS\nscatch.ini

[2009/05/14 11:34:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/05/14 11:22:17 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\fusioncache.dat

[2009/05/13 15:33:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini

[2009/05/12 15:51:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/03 11:18:04 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2008/08/28 17:57:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/08/28 17:33:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2008/08/28 16:56:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/01/19 10:10:52 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

[2007/03/30 15:44:18 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys

[2006/08/27 20:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys

[2006/05/25 19:18:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll

[2005/10/25 09:25:28 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/03 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll

[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll

[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1998/12/08 18:09:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[1998/12/08 18:09:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[1998/12/08 18:09:44 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\lffpx90n.dll

[1996/04/01 11:00:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\CAPTURE2.INI

========== LOP Check ==========

[2009/05/14 11:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AgentOffice

[2009/05/13 15:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi

[2009/06/11 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SentriLock

[2009/05/27 09:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/05/27 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\acccore

[2010/04/06 09:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Amazon

[2010/11/15 19:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Auslogics

[2010/01/11 10:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Blackberry Desktop

[2009/07/14 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Research In Motion

[2009/06/11 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\SentriLock

[2009/08/13 09:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\TeamViewer

[2009/05/21 11:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Windows Search

[2009/11/04 08:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/18/2010 5:51:40 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jennifer.scheu\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.77 Gb Total Space | 53.28 Gb Free Space | 76.36% Space Free | Partition Type: NTFS

Computer Name: JENNIFERPC | User Name: Jennifer.Scheu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{03792636-ED5B-4CD3-A93B-19BC2C18F8F8}" = Sentrilock Card Utility

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20

"{2BDAE5C3-4CC3-4281-8129-7549B1D1CCA3}" = ShowingDesk Web Edition

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = Kyocera Scanner File Utility

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8D8DE8D1-95CF-4C63-84B0-3EE3A7FA7C20}" = TrueForms 4.5 for FNF

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{956A6D4F-B297-4E08-A39E-C00FFDB7826F}" = Intellisync for FNF

"{96009644-514C-47DD-BE49-6D93C7FCFFA3}" = BlackBerry Desktop Software 4.1.1

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}" = AgentOffice

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = Acer eProtection

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"BlackBerry_{96009644-514C-47DD-BE49-6D93C7FCFFA3}" = BlackBerry Desktop Software 4.1.1

"C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}" = AgentOffice 10.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Essentials" = Microsoft Security Essentials

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OcaHistoryUpd" = OCA Client history tool install

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/17/2010 9:04:08 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/17/2010 9:04:39 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:46:38 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:47:16 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500

Description = Windows cannot log you on because your profile cannot be loaded. Check

that you are connected to the network, or that your network is functioning correctly.

If this problem persists, contact your network administrator. DETAIL - Access is

denied.

Error - 11/18/2010 7:49:02 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 11/18/2010 7:49:03 PM | Computer Name = JENNIFERPC | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

[ System Events ]

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005

Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005

Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005

Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7016

Description = The WebClient service has reported an invalid current state 87.

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7022

Description = The WebClient service hung on starting.

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000

Description = The Google Update Service (gupdate) service failed to start due to

the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000

Description = The McAfee SiteAdvisor Service service failed to start due to the

following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000

Description = The SFUSVC service failed to start due to the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000

Description = The Viewpoint Manager Service service failed to start due to the following

error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000

Description = The VNC Server service failed to start due to the following error:

%%5

< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB9824000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2260992 bytes

0x804D7000 RAW 2260992 bytes

0x804D7000 WMIxWDM 2260992 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)

0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA92CB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB9600000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA93B0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA8CDE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA85A7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB97B1000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 225280 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )

0xB96FE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA8E9E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7411000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xA933B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB97E8000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA9388000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xB978D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB9756000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA943C000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0xA9366000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806FF000 ACPI_HAL 134400 bytes

0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xA928B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB973F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA8A84000 C:\WINDOWS\system32\eLock2FSCTLDriver.sys 90112 bytes (Windows ® 2000 DDK provider, eLock2FSCTLDriver Filter Driver)

0xB9779000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB9810000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA9409000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF743E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB972E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF7687000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7537000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7557000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF7527000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xBA756000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7567000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF7517000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF74F7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA706000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7547000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7507000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA766000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA786000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF7577000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA796000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA716000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA8904000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA726000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF77D7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xB9DDA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF77BF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xB9DF2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF77FF000 C:\WINDOWS\system32\drivers\int15.sys 28672 bytes (Acer, Inc., int 15)

0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF77C7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF77CF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF77B7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xB9DEA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF77AF000 C:\WINDOWS\system32\eLock2BurnerLockDriver.sys 20480 bytes (Windows ® 2000 DDK provider, eLock2BurnerLockDriver)

0xB9DE2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)



Hi again, let's first see what the following scan turns up.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


The scan did not show anything. I guess this could be both good or bad.



Yes, it usually is a good sign when a rootkit detector doesn't find anything. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix did delete some things so I take it that we are getting closer to a cleaner system :)

By the way thanks again for helping me :)

Here's the log:

ComboFix 10-11-19.04 - Jennifer.Scheu 11/20/2010 7:36.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1643 [GMT -6:00]

Running from: c:\documents and settings\jennifer.scheu\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Fast Browser Search

c:\program files\SelectRebates

c:\program files\SelectRebates\SelectRebatesUninstall.exe

c:\program files\Uninstall Fun Web Products.dll

C:\restore

c:\windows\system32\twain.dll

.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2010-11-17 03:56 . 2010-11-17 03:56 388096 ----a-r- c:\documents and settings\jennifer.scheu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-17 03:56 . 2010-11-17 03:56 -------- d-----w- c:\program files\Trend Micro

2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox

2010-11-16 02:07 . 2010-10-07 21:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54DFC9AB-35BF-4E92-96A7-7D01346A9A56}\mpengine.dll

2010-11-16 01:55 . 2010-11-16 01:55 -------- d-----w- c:\documents and settings\jennifer.scheu\Application Data\Auslogics

2010-11-16 01:28 . 2010-11-16 02:57 -------- d-----w- c:\program files\Unlocker

2010-11-16 01:21 . 2010-11-16 01:23 -------- d-----w- c:\program files\Malwarebytes

2010-11-16 01:19 . 2010-11-16 01:19 -------- d-----w- c:\program files\Auslogics

2010-11-16 01:18 . 2010-11-16 01:18 -------- d-----w- c:\program files\CCleaner

2010-11-09 22:52 . 2010-11-09 22:52 -------- d-----w- c:\program files\Microsoft.NET

2010-11-09 22:50 . 2010-11-09 22:50 -------- d-----w- c:\windows\system32\winrm

2010-11-09 22:50 . 2010-11-09 22:50 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-11-09 22:29 . 2010-10-07 21:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 20:51 . 2009-10-03 08:18 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-18 17:23 . 2006-12-14 13:45 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2006-11-01 19:17 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-09 22:52 . 2010-10-15 18:55 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{961E199B-B4E3-479A-BB2E-1BA226A5F40E}\mpengine.dll

2010-09-09 22:52 . 2009-05-14 17:44 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2010-09-09 13:38 . 2007-04-18 12:46 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2004-08-04 05:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2004-08-04 05:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2004-08-04 05:00 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2004-08-04 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2007-03-08 13:47 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2005-10-17 21:14 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2004-12-07 19:32 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-05-13 08:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2004-08-04 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]

"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-2-24 1085534]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]

Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoTaskGrouping"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [6/8/2006 6:54 PM 17664]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [6/6/2006 7:36 PM 90112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [6/11/2009 10:59 AM 47488]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 11:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0509&m=veriton_m460

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={980235C4-5205-BE07-A40B-38E7E3912833}&q=

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe

AddRemove-InstallShield_{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C} - c:\program files\InstallShield Installation Information\{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}\setup.exe

AddRemove-{61C79AE1-5403-4687-AC68-28BFA5EF3895} - c:\program files\InstallShield Installation Information\{61C79AE1-5403-4687-AC68-28BFA5EF3895}\setup.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2010-11-20 07:40:30

ComboFix-quarantined-files.txt 2010-11-20 13:40

Pre-Run: 57,182,519,296 bytes free

Post-Run: 57,755,500,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1974B10A39959FF51C92F8E396D6853C

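An added triage example, not part of the original posts and not ComboFix's own code: it reads registry lines in the layout of the "Reg Loading Points" section above and flags values that weaken host defences, such as the Security Center overrides and the disabled firewall seen in this log. The function names and the rule table are this example's assumptions, the `DisableTaskMgr` and `DisableRegistryTools` rules go beyond what this log contains, and the embedded sample is a constructed excerpt.

```python
import re
from typing import Iterator, List, NamedTuple, Optional, Tuple

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=
'''


class Finding(NamedTuple):
    key: str
    name: str
    value: int
    reason: str


# Rule table (this example's own): key suffix, value name, risky value, reason.
# Suffix matching copes with ComboFix abbreviating long keys as HKLM\~\...
RULES = [
    (r"\microsoft\security center", "antivirusoverride", 1,
     "Security Center no longer reports antivirus status"),
    (r"\microsoft\security center", "firewalloverride", 1,
     "Security Center no longer reports firewall status"),
    (r"\firewallpolicy\standardprofile", "enablefirewall", 0,
     "Windows Firewall is off for the standard profile"),
    (r"\policies\system", "disabletaskmgr", 1,
     "Task Manager is blocked by policy"),
    (r"\policies\system", "disableregistrytools", 1,
     "Registry editing tools are blocked by policy"),
]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")
DEC_HEX_RE = re.compile(r"^(\d+) \(0x([0-9a-fA-F]+)\)$")


def parse_dword(data: str) -> Optional[int]:
    """Return the integer for 'dword:00000001' or '1 (0x1)', else None."""
    data = data.strip()
    m = DWORD_RE.match(data)
    if m:
        return int(m.group(1), 16)
    m = DEC_HEX_RE.match(data)
    if m:
        dec, hexval = int(m.group(1)), int(m.group(2), 16)
        # Both renderings must agree; a mismatch means a damaged line.
        return dec if dec == hexval else None
    return None


def iter_values(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value name, raw data) for each value under a [key] header."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste puts a blank line between entries
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")
        else:
            key = None  # any other line (services, dividers) ends the section


def find_weak_settings(log_text: str) -> List[Finding]:
    """Return the values in the log that match a rule in RULES."""
    findings = []
    for key, name, data in iter_values(log_text):
        value = parse_dword(data)
        if value is None:
            continue  # string data such as an autorun path, or an empty value
        for suffix, rule_name, risky, reason in RULES:
            if (key.lower().endswith(suffix)
                    and name.lower() == rule_name and value == risky):
                findings.append(Finding(key, name, value, reason))
    return findings


if __name__ == "__main__":
    for f in find_weak_settings(SAMPLE_LOG):
        print(f"[{f.key}] {f.name}={f.value}: {f.reason}")
```

A flagged value is a prompt to check who set it, since administrators and third-party security suites also write these values.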

MBAM still refuses to install. When I install into C:\Program Files\Malwarebytes' Anti-Malware\ folder like it defaults to I get ErrorCode 80 can not install because the file already exists. When I tried to install to a different folder I got another error saying Error 183 Can not create in directory because file already exists in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\config.dat

I can not delete any Malwarebytes folders or access them. It says Access Denied at anything. Internet Explorer also still refuses to open.


Let's see if we can find out why.

First, try to uninstall using mbam-clean.exe

When done, restart once, then try to install it.


No Luck. The folders are still there and are still blocking the installation. I get all of the same error messages for whatever I try.


We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\downloads: Access is denied.

Failed to open \\?\c:\\install.rdf: Access is denied.

Failed to open \\?\c:\\KGCServ: Access is denied.

Failed to open \\?\c:\\mbam-error.txt: Access is denied.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\RECYCLER: Access is denied.

Failed to open \\?\c:\\remotecontrol: Access is denied.

Failed to open \\?\c:\\users: Access is denied.

Failed to open \\?\c:\\usr: Access is denied.

Failed to open \\?\c:\\Acer\GInstall.log: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\AfscComm.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\AfscInst.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eRecovery: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\int15.sys: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\Threshold.xml: Access is denied.

.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Interfaces.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Model.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Plugin.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Presenter.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Views.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Framework.Interface.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Shared.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Shared.UI.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Windows.Forms.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\awcomm.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\CPUID.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eportd.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-cs.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-da.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-de.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-el.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-en.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-es.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-fi.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-fr.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-hu.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-it.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-ja.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-nl.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-no.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-pl.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-pt.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-ru.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-sv.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-tr.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-zh-CHS.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-zh-CHT.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.chm: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.cur: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.exe: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettingsConfig.xml: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings_forbid.cur: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\INT15.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Interop.Shell32.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.H: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.LIB: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\log4net.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ntport.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\RELEASE NOTE.TXT: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ScrollBarLib.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ServiceControl.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\TVicPort.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ZNTPORT.SYS: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pl\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pl\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pl\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pt\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pt\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pt\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ru\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ru\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ru\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\sv\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\sv\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\sv\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\tr\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\tr\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\tr\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHS\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHS\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHS\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHT\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHT\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.

Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\zh-CHT\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.

.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\AOL: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\InstallShield: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Kodak: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Malwarebytes: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\McAfee: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\NOS: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\SentriLock: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Sun: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Viewpoint: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Windows Genuine Advantage: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Adobe\AIR: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Adobe\Reader: Access is denied.

.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Essentials: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-0.bin: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Jennifer.bmp: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Desktop\AgentOffice.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\ESBK.mb: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\ESBK.mbb: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\KyoceraMita: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sync Playlists: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{E201F44C-B9E2-490F-9ED7-0976E9DA2EA5}_Large.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{E201F44C-B9E2-490F-9ED7-0976E9DA2EA5}_Small.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\22140 Prairie pic.jpeg: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\WinZip.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\AcerSystem: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\AgentOffice: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Amazon: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Kyocera: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Scanner User Software: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\SentriLockCardUtility (2).lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\SentriLockCardUtility (3).lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 4: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\CutePDF: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Malwarebytes' Anti-Malware: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Spybot - Search & Destroy: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Windows PowerShell 1.0: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\WinZip: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Acer Empowering Technology\Acer eRecovery Management.lnk: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk: Access is denied.

...

.

Failed to open \\?\c:\\Documents and Settings\LocalService\Application Data\Microsoft\CryptnetUrlCache: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Application Data\Adobe: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-19: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\History\desktop.ini: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Temp\Cookies: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Temp\History: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files: Access is denied.

Failed to open \\?\c:\\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\CryptnetUrlCache: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials\S-1-5-20: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\00fc7e5a-a28c-4d2d-9576-7703946d4419: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\25f7df2e-3409-4ce2-9b52-945650addde2: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\2bca9aaa-2483-4a79-bd71-ebf8d84c3e0e: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\38eae554-2702-4867-9376-c102caccca74: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\68abde85-55c6-44c9-9e86-132f93c9a029: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\6eb2c477-70ae-4a29-a304-844d664e7c5e: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\7ea4a6df-72e2-444d-8a89-ab8b6d2be8e4: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\a7e392d9-2ffe-438a-9b52-cd7322ad27ed: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\b11b9c16-62d5-46c4-8456-5a0574e598e2: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\ced97b88-f26b-4a08-8bcd-a2c9b010026c: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\db845ab5-7c54-4a86-913a-734f9eae142f: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\fac75f09-bc4a-4464-b6c1-c5f3a5dd1a10: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-20: Access is denied.

Failed to open \\?\c:\\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log: Access is denied.

Failed to open \\?\c:\\drv\VGA0: Access is denied.

..

Failed to open \\?\c:\\i386\bthport.sys: Access is denied.

.

Failed to open \\?\c:\\i386\filterpipelineprintproc.dll: Access is denied.

..

Failed to open \\?\c:\\i386\mrxsmb.sys: Access is denied.

.

Failed to open \\?\c:\\i386\msxpsdrv.inf: Access is denied.

Failed to open \\?\c:\\i386\msxpsinc.gpd: Access is denied.

Failed to open \\?\c:\\i386\msxpsinc.ppd: Access is denied.

Failed to open \\?\c:\\i386\mxdwdrv.dll: Access is denied.

Failed to open \\?\c:\\i386\mxdwdui.dll: Access is denied.

Failed to open \\?\c:\\i386\mxdwdui.gpd: Access is denied.

Failed to open \\?\c:\\i386\mxdwdui.ini: Access is denied.

Failed to open \\?\c:\\i386\ntkrnlmp.exe: Access is denied.

Failed to open \\?\c:\\i386\ntkrnlpa.exe: Access is denied.

Failed to open \\?\c:\\i386\ntkrpamp.exe: Access is denied.

Failed to open \\?\c:\\i386\ntoskrnl.exe: Access is denied.

..

Failed to open \\?\c:\\i386\sp3.cab: Access is denied.

Failed to open \\?\c:\\i386\stddtype.gdl: Access is denied.

Failed to open \\?\c:\\i386\stdnames.gpd: Access is denied.

Failed to open \\?\c:\\i386\stdschem.gdl: Access is denied.

Failed to open \\?\c:\\i386\stdschmx.gdl: Access is denied.

Failed to open \\?\c:\\i386\unidrv.dll: Access is denied.

Failed to open \\?\c:\\i386\unidrv.hlp: Access is denied.

Failed to open \\?\c:\\i386\unidrvui.dll: Access is denied.

Failed to open \\?\c:\\i386\unires.dll: Access is denied.

...

Failed to open \\?\c:\\Intel\Logs\IntelGFX.log: Access is denied.

Failed to open \\?\c:\\Program Files\Acro Software: Access is denied.

Failed to open \\?\c:\\Program Files\AgentMetrics: Access is denied.

Failed to open \\?\c:\\Program Files\Amazon: Access is denied.

Failed to open \\?\c:\\Program Files\commercial: Access is denied.

Failed to open \\?\c:\\Program Files\Fidelity: Access is denied.

Failed to open \\?\c:\\Program Files\Google: Access is denied.

Failed to open \\?\c:\\Program Files\Kodak: Access is denied.

Failed to open \\?\c:\\Program Files\Kyocera: Access is denied.

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware: Access is denied.

Failed to open \\?\c:\\Program Files\McAfee: Access is denied.

Failed to open \\?\c:\\Program Files\Mozilla Firefox: Access is denied.

Failed to open \\?\c:\\Program Files\MSECache: Access is denied.

Failed to open \\?\c:\\Program Files\OCS Inventory Agent: Access is denied.

Failed to open \\?\c:\\Program Files\TeamViewer: Access is denied.

Failed to open \\?\c:\\Program Files\Viewpoint: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Desktop Search: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Connect 2: Access is denied.

Failed to open \\?\c:\\Program Files\WinZip: Access is denied.

Failed to open \\?\c:\\Program Files\Zero G Registry: Access is denied.

Failed to open \\?\c:\\Program Files\Adobe\Acrobat 5.0: Access is denied.

.

Failed to open \\?\c:\\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-5464-3428-900000000004}\AdbeRdrSD90_all.msi: Access is denied.

..

Failed to open \\?\c:\\Program Files\Common Files\AOL: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\McAfee: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Software Update Utility: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Wise Installation Wizard: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Adobe\Color: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Adobe\Web: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Business Objects\3.0\bin\u25store.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Business Objects\3.0\bin\u2lols32.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\iGdiCnv.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IScrCnv.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\ISRT.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IUserCnv.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\objpscnv.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Driver\11\Intel 32\_ISRES1033.dll: Access is denied.

.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe.manifest: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\pm.css: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\pm.html: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\background.jpg: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\File16.gif: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\HelpDoc16.gif: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\left_task.gif: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\left_task2.gif: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\images\spacer.gif: Access is denied.

.

Failed to open \\?\c:\\Program Files\Common Files\Research In Motion\AppLoader\Loader_CRASH.DMP: Access is denied.

Failed to open \\?\c:\\Program Files\Common Files\Research In Motion\AppLoader\Loader_ERRORLOG.TXT: Access is denied.

.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}_Backup: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{61C79AE1-5403-4687-AC68-28BFA5EF3895}: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{8D8DE8D1-95CF-4C63-84B0-3EE3A7FA7C20}: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\data1.cab: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\data1.hdr: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\ISSetup.dll: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\layout.bin: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.ibt: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.ini: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.inx: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.isn: Access is denied.

Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\_setup.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Internet Explorer\custsat.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Internet Explorer\en-US: Access is denied.

Failed to open \\?\c:\\Program Files\Internet Explorer\ieproxy.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Internet Explorer\SIGNUP\install.ins: Access is denied.

Failed to open \\?\c:\\Program Files\Java\jre6\lib\servicetag\registration.xml: Access is denied.

...

..

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\mscorlib.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Core.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Net.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Runtime.Serialization.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.ServiceModel.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.ServiceModel.Web.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Windows.Browser.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Windows.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft Silverlight\4.0.50917.0\System.Xml.ni.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Files\SQLSetup0002_ACER-83A3C6184E_Core.log: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Files\SQLSetup0002_ACER-83A3C6184E_SCC.log: Access is denied.

Failed to open \\?\c:\\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Files\SQLSetup0002_ACER-83A3C6184E_SQL.log: Access is denied.

.

Failed to open \\?\c:\\Program Files\Research In Motion\BlackBerry\desktop.GID: Access is denied.

Failed to open \\?\c:\\Program Files\Research In Motion\BlackBerry\iloptcfg.cfg: Access is denied.

Failed to open \\?\c:\\Program Files\Research In Motion\BlackBerry\ilsync.cnt: Access is denied.

Failed to open \\?\c:\\Program Files\Research In Motion\BlackBerry\upgrade.log: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\AppStatus.xml: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\AxInterop.SHDocVw.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\Common.Data.Helper.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\fbembed.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\fbudf.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\firebird.msg: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\FirebirdSql.Data.Firebird.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ib_udf.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ib_util.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ICSharpCode.SharpZipLib.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\icudt30.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\icuin30.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\icuuc30.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\Interop.SHDocVw.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\jennifer@covenyhomes.com: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\klik.windows.forms.resizer.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\log4net.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\msvcp71.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\msvcp80.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\msvcr71.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\msvcr80.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\OfflineLogons.xml: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ReportPrinting.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingDesk.log: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingDesk.log.1: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingDesk.log.2: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DAL.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\SHOWINGTIME.DESKWE.CLIENT.CALLCENTER1179.DB: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Client.common.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Client.DAL.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Client.exe: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Client.Services.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Client.WindowsControls.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.Common.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.DeskWE.WEB.DAL.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\ShowingTime.Protocol.FTPProtocol.dll: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\Terms.xml: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\wehosts.xml: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\WEMigrator.exe: Access is denied.

Failed to open \\?\c:\\Program Files\ShowingTime\ShowingDesk Web Edition\WEUpdater: Access is denied.

Failed to open \\?\c:\\Program Files\Uninstall Information\odbc.dat: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\dlimport.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\eula.txt: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\LegitLibM.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\Network Sharing: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmdbexport.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmlaunch.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmpenc.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmpnetwk.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmpnscfg.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmpnssci.dll: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmpshare.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Windows Media Player\wmsetsdk.exe: Access is denied.

...

Failed to open \\?\c:\\WINDOWS\003048_.tmp: Access is denied.

Failed to open \\?\c:\\WINDOWS\Cache: Access is denied.

Failed to open \\?\c:\\WINDOWS\CAPTURE1.INI: Access is denied.

Failed to open \\?\c:\\WINDOWS\commercial.ini: Access is denied.

Failed to open \\?\c:\\WINDOWS\commercial.scr: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Installations: Access is denied.

...

...

...

...

...

Failed to open \\?\c:\\WINDOWS\AppPatch\acadproc.dll: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources: Access is denied.

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\System.Management.Automation.resources: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...

Failed to open \\?\c:\\WINDOWS\Debug\Setup: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\install.log: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\swflash.inf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\unagiuninst.exe: Access is denied.

Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\WBEtoolsAX.dll: Access is denied.

Failed to open \\?\c:\\WINDOWS\ehome\medctrro.cmd: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10249.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10267.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10268.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10269.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10370.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\10695.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11058.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11059.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11118.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11119.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11120.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11454.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11455.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11467.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11468.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11545.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11546.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11547.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11548.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11671.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11673.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\11846.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\12506.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\12507.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\12510.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\12511.ttf: Access is denied.

Failed to open \\?\c:\\WINDOWS\Fonts\12542.ttf: Access is denied.



Do you have any other user accounts on this computer (with administrator permissions), and can you access those files/folders from there?


I do not. I cannot even access the administrator that is created by default through Safe Mode. I cannot enter Safe Mode. I'll try to create a new user account and delete the Malwarebytes folders from there. Only try to delete the Malwarebytes folders, correct?


I tried creating a new user but that also failed. I was able to create one, but when I tried to log off from the current user I got logged back onto the main user. I then restarted the computer to see if more users would show up and I got logged straight into the main user.


Let's see if the following will work.

We need to reset the permissions altered by the malware on a file.

  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

    "%userprofile%\desktop\inherit" "c:\WINDOWS"

    "%userprofile%\desktop\inherit" "c:\Program Files"

    "%userprofile%\desktop\inherit" "c:\Acer"

    "%userprofile%\desktop\inherit" "c:\Users"


  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.


Alright, I followed the instructions and got the Finish popup. What should I do next? I can not delete the file still or install MBAM. Internet Explorer works now though so that is a good sign.


Please drag/drop the file and/or folder in question on inherit.exe. That should restore permissions.


Awesome! Thank you so much! I was able to install MBAM and scan the computer. It found a few malware and now the computer runs perfectly.


Can you please post me the log from MBAM so I can have a look if anything else needs to be done in regards to the found infections?


I should have known to automatically post that.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5168

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/22/2010 7:32:28 AM

mbam-log-2010-11-22 (07-32-28).txt

Scan type: Full scan (C:\|)

Objects scanned: 211589

Time elapsed: 23 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\KGCServ\Setup\Adobe\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\KGCServ\tools\Windows Key Finder\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E3291816-DCFB-4B28-90C1-C4435A208346}\RP709\A0064307.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

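When a log like the one above is reviewed, two quick checks are whether the summary counts match the items actually listed and which detections were reachable files rather than copies already held in ComboFix's Qoobox quarantine or a System Restore point. The parser below is an added example, not part of the thread or of any tool's code; the function names and the location labels are assumptions, and the sample log is abridged from the one posted above.

```python
import re

# The counts and the four detections are copied from the MBAM log posted above;
# the log is abridged here to the sections the parser needs.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 5168
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 4

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\KGCServ\Setup\Adobe\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\KGCServ\tools\Windows Key Finder\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3291816-DCFB-4B28-90C1-C4435A208346}\RP709\A0064307.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")    # summary line
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # detail section header
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Assumed triage labels (not MBAM output): copies kept by a removal tool or by
# System Restore are leftovers; anything else was a reachable file on disk.
LOCATIONS = [
    ("tool_quarantine", re.compile(r"\\Qoobox\\Quarantine\\", re.I)),
    ("restore_point", re.compile(r"\\System Volume Information\\_restore", re.I)),
]

def classify(path):
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live"

def parse_mbam_log(text):
    """Return (summary counts, detections, sections whose count != listed items)."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := HEADER_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, **m.groupdict(),
                               "location": classify(m.group("path"))})
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    # A mismatch usually means the log was truncated or edited when pasted.
    mismatches = [s for s, n in summary.items() if listed.get(s, 0) != n]
    return summary, detections, mismatches

if __name__ == "__main__":
    summary, detections, mismatches = parse_mbam_log(SAMPLE_LOG)
    for d in detections:
        print(f'{d["location"]:16} {d["name"]:20} {d["path"]}')
    print("count mismatches:", mismatches or "none")
```
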

I'm glad to hear that. :D In case you encounter any other access-denied error, just drag/drop the file/folder on inherit.exe

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


I uninstalled and reinstalled Java as you instructed. Although during the process I got an error message:

Microsoft Visual C++ Runtime Library

Program: C:\Program Files\Common Files\Java\Java Update\jaureg.exe

This Application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.

I'm not sure what this means because it seemed like it installed fine besides that.

The scan showed nothing found -_-


That error just means that Java was running and had to be terminated in order to be uninstalled. -_-

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean -_-

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete Rootkit Unhooker and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

This topic is now closed to further replies.
