Access denied to ANY Antivirus.


Solved Access denied to ANY Antivirus.

Post by MrNiceDonovan on 10th May 2014, 1:55 pm

Hey GeekPolice,

Sorry for not knowing the virus' name.

I'm in a stressful situation here; I think a virus took over my computer. I can't install ANY antivirus, and with that I mean ANY: MBAM, ESET, NORTON, AVG, I tried every single one of them. It won't even let me download them via torrent or news servers. Sometimes I can't even access the site of an antivirus; it just sends me to an error page or refreshes all the time.

Some programs I can download, but when it tries to install it says this: an error occurred: The operating system denied access to specific file.

But I'm the only user and admin!

I recently downloaded a rom from Coolrom.com via their downloader and that gave me a virus too; that virus shows annoying little green links all over my browser pages and sometimes annoying ads.

I've tried ADWCleaner but that didn't help.

Please help me,

Donovan


Last edited by MrNiceDonovan on 11th May 2014, 11:53 pm; edited 3 times in total


Post by Superdave on 10th May 2014, 4:06 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete or Clean.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (JRT) to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Post by MrNiceDonovan on 10th May 2014, 8:14 pm

When I try to post the adwlog it says I can't post external links or emails...

And I can't access MBAM, I installed it on USB, CD everything but my pc won't let me open the program.

Can't open SecurityCheck either, same problem.
Error in Dutch: Kan geen toegang tot het opgegeven apparaat, pad of bestand krijgen. Mogelijk hebt u geen toegangsmachtigingen voor het item.

Tough translation: Can't get access to the program, it's possible that you don't have access permissions to the item


Last edited by MrNiceDonovan on 10th May 2014, 9:33 pm; edited 3 times in total


Post by MrNiceDonovan on 10th May 2014, 9:04 pm

JRT LOG IN .TXT (may be Dutch)


Last edited by MrNiceDonovan on 10th May 2014, 9:11 pm; edited 1 time in total


Post by MrNiceDonovan on 10th May 2014, 9:09 pm

AdwCleaner Log in txt file (may be Dutch)


Post by Superdave on 10th May 2014, 10:13 pm

"When I try to post the adwlog it says I can't post external links or emails..."
You are not posting external links or emails. Simply copy and paste the log in your next reply.
"And I can't access MBAM, I installed it on USB, CD everything but my pc won't let me open the program."
Download MBAM to your USB stick or CD, transfer it to your computer, install it and then run the scan. If you still can't run it, try it in Safe Mode.

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).


Post by MrNiceDonovan on 10th May 2014, 10:15 pm

AdwCleaner LOG just won't work, please try the file.
JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Donovan on za 10-05-2014 at 22:54:19,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{7F2091CA-E514-4878-94A9-21230EA05C82}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{7FDE0F3E-6D4E-4648-AABF-4B6AC7BF46E7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{7FE3C722-C7C9-44D6-AAEA-16E7DB2863AA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{7FFBC91C-DD8B-4559-A142-C7DC4BC2806C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{801884B6-8EDC-46AE-B3D0-90EF5E81C74A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{801F6217-26FB-4B54-97A6-C142C100D159}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{803B0EEC-DF56-4F20-8189-C596423DD99A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8042F071-ACC3-4936-9EB8-3E16447AAF30}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8051F975-EFAF-446E-8807-F2038C6276F8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{80B8681B-1218-4577-A5D8-04945DAF6FDA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{81F38C11-FB12-433A-BE58-B3C05BF0B866}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{822FB596-460F-4015-986C-E3A3CF84E265}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{82CCDC28-5DDB-4A67-960A-3DA7F846BA6D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{82DFEEBE-4E8D-4E84-81B8-44716EAB902E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{84014143-A14D-4333-B6C7-DB1440D73ADC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{84601776-D749-45B8-BA87-BCE0FD90452E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{880E7118-E4BA-40BA-9D27-8B34D275444B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{88775492-82EE-4C24-8C5B-F3B2095487C3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{887A907C-14DA-4EB0-9095-33784968A933}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8897DA3E-A0A8-4362-AAE3-79B4056CF725}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{88CB1153-748A-47AE-9EEC-A4696625E812}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{89F7EE39-DA83-4B3C-B305-C636D37FC1BE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8A6B27AF-83D6-49F3-8F61-A76031678CA7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8A9BDB19-9669-46F5-AF1A-0554E5E56F01}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8AC9A60E-23B0-45AC-BB87-8470509753DF}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8B4F1A56-B30A-4FB7-BA4B-828EEC64B9AC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8B909E2F-7F76-43EF-B465-13255F388170}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8C81F873-02E7-45FA-B053-49176B340B33}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8CB0AE9F-EE7A-4C5E-BF0E-16EBF2C31B9F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8CF412FD-F690-45CB-ABC1-8672E5B643CB}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8D22A8D6-38EB-4B0D-B806-126B26B4CC8C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8D6545F0-D74D-4485-A823-597C62FEB7BC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8D6B8D19-63E5-4A4B-864E-CFFAEAF2776E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8E493BB9-03BA-4021-BB1F-196FA9DB96BC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8E6C249B-3494-42C7-8507-DC5D67994F5A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{8EC62AB5-C73B-446D-82F7-F88C04605015}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{902A26D9-FA07-407E-B400-81417D118517}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{908001E0-7784-4F54-AABC-DCFEDFC8D3F3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9085C0F6-E018-4B09-A2B5-E3ACB49933E8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{90885CF1-B193-4065-B7EC-39C691961286}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{91C52294-FC0A-4D35-9098-BA0E72E3A63B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{92A12801-C5C1-46A0-8A41-E4A8129F432B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{92AAE7A5-41E5-4A16-A945-01135E572560}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9412A1EC-BD22-4AFC-A668-0B2EC8E73CD8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{95553ECB-40C7-49EF-8C91-11C870F90A30}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9559258D-D680-47BF-9294-0BF72065062F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9651DECE-F1C4-498D-A97D-122A9722970F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9797BD09-A259-4878-AB2C-B0A5DC15F451}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{99184332-D469-4A35-8D8A-8C5E164944C8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{99FA2BD7-C72E-4B28-9D07-0640AE252E92}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9A35AA9C-D164-4F4E-909B-B872BC3C2127}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9AF33E08-4083-4FC3-A09B-1C1A4CA8D9C7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9B302AF2-2BF5-4B57-9588-8948CCCBBF9D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9B85B3B6-3433-461D-B8A2-8D06FAC1D07A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9BD49C0A-A071-4ACF-AACE-5F4ED87F7486}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9C4DB97C-71EC-4825-AF3F-BE4F1AFF5706}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9CD15108-6E13-420F-BB11-74A8D7D84EE4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9CE5A3FE-B095-4953-A010-A4EF21A358C6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9CF5BE07-8273-4810-9CE3-7BADB6787549}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9D215EB1-DB5D-4E23-A87F-2178EA3A909C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9FC13E10-DEA5-4D28-9332-DCEDA5BAFE6C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{9FE527ED-7ABE-4F75-A06E-51CAF6F413EA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A0FDF5C2-AB27-4E24-9BDC-388C56ABCE22}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A10923FA-BD9C-45FE-B388-B931E18CF41E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A1258F03-BB93-447D-868B-91A88F9D0191}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A198664C-4050-43FB-B7C1-2EA0C9BD83AC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A1DE315C-950D-4854-ABAD-B1F3A836C3C6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A1EEC62C-6802-496B-81DC-97CAA82434FF}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A2FACB8B-B87B-4BC2-9922-A966257367AE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A30FA817-ED94-47B1-8262-32D9DD7FA806}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A33CC834-D2C0-4F04-B7B5-C69D23C5D605}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A39A1143-2FB6-4A25-A885-3170BA6B7228}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A3B9A566-210C-497A-A735-F977C95A9A09}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A3F8AED8-A6BC-4753-8AF9-D0350DC882FE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A4285560-C317-4EF2-A870-F4352F812D24}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A4A9B63A-AF25-4561-87BD-A5CB9B266240}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A78F40F8-4EC6-4DDA-9D63-0645094366CB}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A797C05D-BCA9-4B3D-A0B4-0270E1B2AE26}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A83BA60F-0AE2-4C83-B974-75F10488640D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A8B1EE70-5473-4477-8285-AD255A7C36A7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A93C2C8F-B0BB-411B-8F25-D075EE8AE3F5}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A944C314-791C-46EB-B00B-A088B77FA07A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{A9DAF873-E437-4CED-8251-B053BA992991}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AA452D5A-66A1-4F70-8161-085A5CC207E6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AB6E2807-F157-498F-AD01-869E98C47B17}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AD877829-004E-4BD3-8EEE-224CD382A829}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{ADCF9BA9-6FA4-46C5-BAE9-3694A54BF281}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AF8D5C3E-EED2-4914-AC83-FEC5A4652B4B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AFB0660E-5361-4C5C-AD7E-48A0DAE5188F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{AFB7837B-E5E6-4E5A-87B9-DF3EB1CFE149}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B0F73D41-6923-424E-AF6E-B1483FD5AAD5}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B24155D0-749F-4045-8ACA-3D162948BBA4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B2F8D534-F232-4C91-B761-69219E2CCC22}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B3C04A66-F392-4331-8BA1-1EB17B4D66ED}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B3C7E0FE-0CA2-4243-842C-9DC393AD3E6D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B3CEEA0C-BCBC-42D1-8E1A-A98871FF61A3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B3DAB348-9E3B-43C9-9EA4-802E91360E40}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B434F629-3F7B-4DBB-8662-B2933E0260FF}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B4359315-550F-4D30-A129-F4AF21103358}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B491C5CE-D806-4E85-950C-9932D8B19D8F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B50916DB-2F64-45AB-9317-FC53D5182B15}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B66A6EBB-E339-4866-85C2-59F899E1FBDA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B6721D96-416D-43A6-8EBE-609CD64CAE4C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B6B156CD-3E6C-4CC7-9B58-AC1D49A4826D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B7306674-F96C-420E-9CE1-3552D64B543B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B79EB7E5-ACA6-4413-B7C1-345F66BCD002}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B79F2813-033C-4DDB-BFA5-5841D10A3D8E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B7B07452-2A0D-49CB-ACA1-E74390CFA879}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B86CBBBB-D220-4748-9522-59E58B3E0397}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B8AB099A-253C-49A1-8955-F37E9CBF3096}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{B9CC5B6C-7830-40B3-8B9D-ECD43B13CFA3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BDBA63F0-C3B6-4066-A2B6-59F2B5B71326}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BDE081A4-1127-4B97-A27D-19A3BFDCC144}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BE14AABB-FF60-4BD1-9E8D-7D2434915799}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BE1B5850-E94F-49A8-A348-A4FB5530FC80}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BE845937-68E7-453A-92CD-DC15F9CAF37E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BF970F8B-FBBB-45AE-A060-AB3EB0DC9507}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{BFD2232F-A74B-40A9-8D5B-3E6C9380F7C2}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C001475A-62FE-424B-9428-91058423E2A0}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C00CBF07-46F5-46AD-B273-65B86F7D5ED7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C0460A29-637C-4575-A3A2-46486FD3EEC4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C0B822C6-99B4-4A2D-8F19-BAA6428E442C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C0F3EFC0-092E-4B95-897A-EFC900F88B6C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C1B00AEE-34E8-44FD-A10C-AD221B7B0868}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C20B0282-9D1C-4653-B4AC-2538808B434D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C290A075-8CCF-4619-BF8E-D1173BBE8898}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C2EBB13B-74F2-4846-AAA6-5F1655AFAF87}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C39CC1BE-E2F8-44D1-A55F-FAAADC96686E}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C42D0528-10DA-4D0C-8895-16714ADFC447}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C45218E4-3909-45F9-B5FB-88A7613E48A4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C4DC5C28-7E33-4C78-884F-0E26AE6F9E57}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C4E44BB7-6136-4B80-8EDF-5D0CEF6DF993}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C5DA8212-8A8D-475C-A900-20063917F7AF}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C63123B5-F83A-4896-8D3D-25705C230E78}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C6D94596-8EDA-4E8B-BE63-C7E0238A2A97}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C7619C0E-D722-423B-9D6B-AE04B923D184}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C7843C38-18EA-4BF0-A5CF-B8E4870500BD}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C8CDEA00-C9A8-4092-98C3-649B6A458389}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C8ED66ED-8620-4464-8EF7-9DBA303FFFE8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C95CFF8F-18E2-4B56-9135-5100A00FDB2D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{C98B7DEC-4FC8-4771-9968-268CCD63B726}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CABFD3C1-FCA3-4595-916D-2DB75FADAA4D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CB36B544-D9C7-4031-BCD0-EE7AB3A6A0CE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CBC7CC44-0F2C-4A73-A91E-FAE328C0F60C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CC1386E2-2FCB-460F-AFD4-72921A54A269}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CD633831-B347-44AE-9CF4-AC585E3D8F3B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CE974E89-3FBA-4C39-9D4E-D97E5C0CC983}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CEE41969-D5A0-421C-B3E5-275A45401C6B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CEF6C49A-FD9F-4EDF-9F98-8E80B4602F6C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CEF930CF-C5EB-4F54-8064-6C46C50F5243}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CF9D283B-9770-40C8-A6D4-B641C2842D3C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{CFC05F20-F84E-42EA-875C-B63625172311}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D09AE641-D47F-4DD8-B3FF-6F15A837E953}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D0E71E48-B481-4BA5-86F4-3AB33A9D493C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D0ED9643-6B35-4DF8-B417-2AFA0D4ECF41}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D171525B-1F74-461D-83D8-9D943A2E6E71}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D21A9AEF-7EDA-4F18-AEE7-0F5831E9FBA0}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D247FE6E-65F7-4A7C-9CE4-908A289F51DD}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D33F8B52-C01E-4609-8338-0B1AF1313206}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D3B4EA90-8005-4795-8A25-FC855E177B19}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D418D56A-6B55-400E-B16F-CB0BCECCA914}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D484D4AD-2564-4AFB-A356-4E76A989EAF3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D4E58EBA-1203-4652-BCC1-8E06177F4F0B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D4F309B8-C42F-492F-9910-E67849B17281}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D4FCDEFE-B3E9-4773-AF4B-238B309615EE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D6047D30-84CB-4290-B127-F1FF16D2C70B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D649AEEA-A815-4BF2-943C-756914DED3A5}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D697B665-77E7-4233-B521-F54A389B935C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D79D0E6F-510A-4B3B-9D98-07ED5DFC2128}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D7AE372A-2049-4AEA-A142-A12B1C130E50}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D7B9B026-2B1F-4808-9B00-931165F71A73}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D8E748AB-44FF-465F-AC12-1D76DCEF6EEC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D917CCE8-A958-4761-B12F-65B95FCCE80F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{D9BD12DD-101E-42CE-868C-C44075ECB639}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DA83187A-8DDE-436E-BE09-BE78C0604234}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DB0A7F60-E7C9-497E-BA5F-549F4FFDBE2C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DB4134F2-A87A-45D6-A752-C330E95A0DB7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DBBCE282-D116-469D-8C13-02FEDBA2A4A8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DDC9D1EF-0C04-4C5E-BF83-D7E3FC953249}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DDFBAEAE-1E29-4A81-A905-07CC83B2A2EA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{DEAF09B4-EE27-4539-AB19-95DA540F5DAF}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E0597184-1151-4500-B1E8-6E2740CFC15A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E05F2BFA-B735-47F0-ADDB-BEAAA19D69D3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E0C806AE-0233-408D-A4F0-6E4C7A9B6DAA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E112956E-646F-4023-AE20-315001FD04AA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E1FA0A61-7D2B-40B6-A053-21DAEB1D7618}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E265C997-52E6-4CF5-831C-7A90EF5A47B3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E2A16EDD-83A6-4E77-87AD-220642785A85}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E2A9EA4F-F978-4E90-8C0A-42440F24BD22}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E2AF4492-9D2F-4D77-AAC1-AEDC0BC4467C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E3D7AE61-14F1-4A7C-9A01-E7FBEDF11E4A}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E3ED7993-10DB-42D1-937B-821E6734FB58}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E436EB66-139D-4459-A71F-62CD73DFEBA4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E45F65C6-929D-4988-B5D1-0F73E8CDD3A0}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E544313C-3171-4510-8374-04007AFABB21}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E693BA3C-0AB1-4511-8D46-9DCA39292CB6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E78438A0-386C-49CB-A490-0AEC8F2EA5A8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E787280D-EC91-4F73-A502-FE4DE9E0AF4B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E7BA2267-6E4A-4796-B46E-454027B0DC42}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E7F3B8DE-93B3-4367-8BB7-629D61118475}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E7FB4D9D-4C6A-41E5-A5A0-42DC405F6BF8}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E81295EF-D04F-48F9-AC00-F272A7FD16F6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E8BD24ED-1FD7-4A63-BB16-EB6197A166D4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{E959EF77-6203-42D9-B315-EC31CC882285}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EA923BB2-A911-45DC-9F8F-650A7A12C652}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EB613518-98F0-46D3-8311-49237BF6F14F}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EB9FE96F-9DB9-4622-862A-110800AE0A21}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EC2F224F-D1D4-469B-9D0F-DDC553CE383D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EC7FB695-687A-473E-ACFF-41C6B5CA4D2D}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{ECA2556E-395A-42CE-BA18-62518B88AB25}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{ECADF8CE-3443-46AF-B234-EC0ED61FEB30}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{ECC2B61F-DB3E-488C-A0D2-0C0C7355DB42}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{ED8A2F5A-40EC-4C5F-B5A7-DE526627F692}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EE1755D3-6B77-4119-8C51-AAE832934DF7}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EE5D3274-DBD4-42F1-ABF4-6B0409ED0DB1}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EFB95716-E25A-4082-B8E7-AFCA1C5D1660}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{EFBE64DD-9879-4AAE-956E-2AB9D7566627}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F02FDEB8-4541-4A1E-8BD6-F8A817EF4129}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F0329FCA-CCC3-41F2-AE3A-4176952ECD14}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F11E7FCF-D81F-45BA-ABDC-3464055D324B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F1941691-BA6C-474F-9DB2-E9741CE2BF62}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F2464DF7-A7CB-4970-92E7-E640BCD757A9}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F2B253D3-4AB2-49D8-A150-F719D4E145C3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F3BD1ADB-8E73-49E1-BD67-6FCF28372E29}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F3FB637E-E6CA-46A6-BB4B-2CDDF8AB8C30}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F44EE263-ACFF-4DF6-BCF0-1C2921400CB3}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F4CE7AEA-DA07-4A69-A4B6-4C070B8A8BA9}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F4EA8B54-EFBE-4CB6-A6D3-82F66CCC2B7C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F62B36C2-7845-4526-B372-EB5AEB4A5335}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F62F78B0-CD9F-4881-A258-61AE07D4EBAC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F66E23BC-9191-4ACE-BD50-6B4F27AD47B6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F675AF58-0C80-4A7D-8AF2-7D2101EA01AE}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F6A04AFF-4284-4438-A298-8263F50CA244}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F711F68B-CA09-4356-8E55-3B4B88AE5224}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F7503833-F8C2-41E9-8529-D52CF87659E5}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F75220C6-2AD3-4386-9D1A-160CCBB96BA5}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F75CBBC2-A6FA-43D0-9EC3-8738069CD9F6}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F7626E67-5DEC-4096-8392-91245484F408}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F7B38F33-32D4-4C94-A1CB-7179FEB6C5ED}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F83F8239-0A59-4448-BFD0-1AB04072DC51}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F88CC86F-6C80-4A89-BF67-CBC24F0265BB}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F8B98023-A330-4473-990D-29243059EBB2}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F8CF7117-DDA7-4C8F-ABA9-DAEC722E5A9C}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{F8F7B5EE-00D8-4B1A-AF99-C639E50E8931}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FA3BD467-2992-482B-A49E-0F94D5019D35}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FA62D99A-3912-4721-B018-BBA7DE4D53D1}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FA97FD4B-F381-4940-93B3-719D94627C68}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FB969628-B9AB-4B09-9426-ADCC544AE399}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FBDF27C0-04CA-48B3-8153-D9E346A26DC4}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FC5E8F50-51BB-4EE1-8176-63F740EEE17B}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FD57AEB1-D174-4CDB-80D0-E4F36D7ACEAA}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FE778BBE-FD6D-498F-A5D5-FF5BEDAA0F46}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FEFD8462-A685-4363-8792-5CE1CCB1B2EC}
Successfully deleted: [Empty Folder] C:\Users\Donovan\appdata\local\{FFAA653E-C116-4AE7-B78F-2DBC1E9DB123}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Donovan\AppData\Roaming\mozilla\firefox\profiles\xfa57450.default\extensions\staged
Emptied folder: C:\Users\Donovan\AppData\Roaming\mozilla\firefox\profiles\xfa57450.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 10-05-2014 at 22:59:37,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post by MrNiceDonovan on 10th May 2014, 10:33 pm

Security check:

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup 2011
Vinny27 - AVG PC Tuneup 2011 v10.0.0.26
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java(TM) 6 Update 25
Java 7 Update 55
Java(TM) SE Development Kit 7 Update 3
Java SE Development Kit 7 Update 17
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 33.0.1750.117
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Post by Superdave on 10th May 2014, 10:39 pm

Were you able to get MBAM to run?


Post by MrNiceDonovan on 10th May 2014, 11:02 pm

No, sorry, not even in safe mode. I've tried everything.


Post by Superdave on 11th May 2014, 12:30 am

Ok, let's try this:

Malwarebytes' Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.



Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 12:48 am

Alright I'll try it right now!

Btw, your links only work on Chrome, I've tried it on Mozilla and IE because when I use it with Chrome the browser virus sends me to an error page.


Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 2:11 am

SYS LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8572231680, free: 5801459712

Downloaded database version: v2014.05.10.11
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
    05/11/2014 02:58:31
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009092060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa8009091b60
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009092060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa8009091b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007b29060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
Lower Device Object: 0xfffffa8007885060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xfffffa8007880060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b28b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b28060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007487e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007880060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0179c4a10, 0xfffffa8007b28060, 0xfffffa800f1324c0
Lower DeviceData: 0xfffff8a01b0d07d0, 0xfffffa8007880060, 0xfffffa800f5841f0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8300EF1

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 16065  Numsec = 1953505280
   Partition file system is NTFS
   Partition is bootable

   Partition 1 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007b29060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b29b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b29060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007457710, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007885060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0081dd8c0, 0xfffffa8007b29060, 0xfffffa800f1f2790
Lower DeviceData: 0xfffff8a005de2bd0, 0xfffffa8007885060, 0xfffffa800c7ef090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80D2F3EE

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 2048  Numsec = 293699584
   Partition file system is NTFS
   Partition is not bootable

   Partition 1 type is Primary (0x7)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 293701632  Numsec = 18878464

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8009092060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009092b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009092060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009091b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0178c7930, 0xfffffa8009092060, 0xfffffa800f786790
Lower DeviceData: 0xfffff8a017b5f940, 0xfffffa8009091b60, 0xfffffa800da5f6e0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7096695A

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 206848  Numsec = 3906820096
   Partition file system is NTFS
   Partition is not bootable

   Partition 1 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398929920 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files (x86)\Windows Manager\winmgr.exe --> [Backdoor.Agent.MSC]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINMGR.EXE --> [Backdoor.Agent.MSC]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINMGR.EXE --> [Backdoor.Agent.MSC]
Infected: C:\Program Files (x86)\Windows Manager\winmgr.exe --> [Backdoor.Agent.MSC]
Infected: C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe --> [Trojan.BtcMiner.TS]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Time --> [Trojan.BtcMiner.TS]
Infected: C:\Windows\SysWOW64\Microsoft.com --> [Backdoor.Agent.MSCGen]
Infected: C:\Users\Donovan\AppData\Local\Temp\Win32.exe --> [Backdoor.Agent.MSCGen]
Infected: C:\Users\Donovan\AppData\Local\Temp\5424 --> [Backdoor.Agent.MSCGen]
Infected: C:\Users\Donovan\AppData\Local\Temp\6114 --> [Backdoor.Agent.MSC]
Infected: C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\select.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\_socket.pyd --> [Trojan.BtcMiner.TS]
Infected: C:\ProgramData\Microsoft\Windows\Time\library.zip --> [Trojan.BtcMiner.TS]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Ransom]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WindowsUpdate --> [Backdoor.Agent.WUGen]
Infected: C:\Windows\System32\taskmgr.exe --> [Backdoor.Agent.WUGen]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger --> [Hijack.Security]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger --> [Hijack.Security]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger --> [Hijack.Security]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger --> [Hijack.Security]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8572231680, free: 6641381376

Downloaded database version: v2014.05.10.11
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
    05/11/2014 03:40:23
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800c514060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa800c513b60
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800c514060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa800c513b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007b2f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
Lower Device Object: 0xfffffa800756b060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xfffffa8007564680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007568520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007564680, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a005bf0aa0, 0xfffffa8007b2e060, 0xfffffa8006ec7790
Lower DeviceData: 0xfffff8a0065af4e0, 0xfffffa8007564680, 0xfffffa8007008090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8300EF1

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 16065  Numsec = 1953505280
   Partition file system is NTFS
   Partition is bootable

   Partition 1 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-16064-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007b2f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b2fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b2f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074bee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800756b060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a005cf0670, 0xfffffa8007b2f060, 0xfffffa80070dd090
Lower DeviceData: 0xfffff8a0060fede0, 0xfffffa800756b060, 0xfffffa8006dd3090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80D2F3EE

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 2048  Numsec = 293699584
   Partition file system is NTFS
   Partition is not bootable

   Partition 1 type is Primary (0x7)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 293701632  Numsec = 18878464

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800c514060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800c514b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800c514060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c513b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00604ee60, 0xfffffa800c514060, 0xfffffa8006dd0790
Lower DeviceData: 0xfffff8a0062467f0, 0xfffffa800c513b60, 0xfffffa8006fa3550
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7096695A

Partition information:

   Partition 0 type is Primary (0x7)
   Partition is ACTIVE.
   Partition starts at LBA: 206848  Numsec = 3906820096
   Partition file system is NTFS
   Partition is not bootable

   Partition 1 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 2 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

   Partition 3 type is Empty (0x0)
   Partition is NOT ACTIVE.
   Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398929920 bytes
Sector size: 512 bytes

Done!

MBAR LOG

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

Database version: v2014.05.10.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Donovan :: DONOVAN_PC [administrator]

11-5-2014 2:58:35
mbar-log-2014-05-11 (02-58-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 301492
Time elapsed: 29 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Windows Manager\winmgr.exe (Backdoor.Agent.MSC) -> 984 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 59
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINMGR.EXE (Backdoor.Agent.MSC) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINMGR.EXE (Backdoor.Agent.MSC) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Time (Trojan.BtcMiner.TS) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 16
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\Donovan\LOCALS~1\Temp\msoaxeim.scr -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|WindowsUpdate (Backdoor.Agent.WUGen) -> Data: C:\Program Files (x86)\Windows Manager\winmgr.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\system32\Microsoft.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 24
C:\Program Files (x86)\Windows Manager\winmgr.exe (Backdoor.Agent.MSC) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\Windows\SysWOW64\Microsoft.com (Backdoor.Agent.MSCGen) -> Delete on reboot.
C:\Users\Donovan\AppData\Local\Temp\Win32.exe (Backdoor.Agent.MSCGen) -> Delete on reboot.
C:\Users\Donovan\AppData\Local\Temp\5424 (Backdoor.Agent.MSCGen) -> Delete on reboot.
C:\Users\Donovan\AppData\Local\Temp\6114 (Backdoor.Agent.MSC) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\select.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\_socket.pyd (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Time\library.zip (Trojan.BtcMiner.TS) -> Delete on reboot.
C:\Windows\System32\taskmgr.exe (Backdoor.Agent.WUGen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 2:13 am

It seems like I can install programs again, but I still don't have all the rights I should have (can't delete some files) AND the browser virus is still here...


Solved Re: Acces denied to ANY Antivirus.

Post by Superdave on 11th May 2014, 4:59 pm

Wow, we hit paydirt there but I have some bad news. See my warning below.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

Read this article: Danger: [You must be registered and logged in to see this link.]

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.


Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 5:51 pm

I would like to attempt to clean my machine, it's been with me for a long time and I've downloaded many many games/programs, stored even more files for school/work/etc, it's a lot of work to back that up, and all those important files could even be infected, so let's put the reformat/re-install OS somewhere to pick up when we're sure my PC is not safe anymore.

I would like to thank you for all your help you did but like to ask you one more thing, can you fix my computer?

MrNiceDonovan
Novice
Novice

Posts Posts : 30
Joined Joined : 2014-05-10
Gender Gender : Female
OS OS : Windows 7 home premium
Points Points : 9858
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Acces denied to ANY Antivirus.

Post by Superdave on 11th May 2014, 7:12 pm

"it's been with me for a long time and I've downloaded many many games/programs, stored even more files for school/work/etc, it's a lot of work to back that up, and all those important files could even be infected"

If you value your data, you really should back up all of it. You never know when your hard drive will go bad. If it does that, all is lost.

"I would like to thank you for all your help you did but like to ask you one more thing, can you fix my computer?"

Let's continue by trying to run MBAM and posting the log.


Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 9:35 pm

When I try to install MBAM it gives me error 5: access denied


Solved Re: Acces denied to ANY Antivirus.

Post by Superdave on 11th May 2014, 10:05 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your Downloads folder, you will need to copy it to your desktop.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT click on ComboFix's window while it's running, because it may cause it to stall.

Solved Re: Acces denied to ANY Antivirus.

Post by MrNiceDonovan on 11th May 2014, 10:55 pm

LOG:

ComboFix 14-05-10.01 - Donovan 12-05-2014   0:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8175.5644 [GMT 2:00]
Gestart vanuit: c:\users\Donovan\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1399783145.bdinstall.bin
c:\programdata\6BFF2C26B4.sys
c:\users\Donovan\AppData\Local\Topblast
c:\users\Donovan\AppData\Local\Topblast\Red_Dragon_6.exe_Url_vjdtfk0ndfmxu0nwhicqnbwsn1dpmsjw\6.0.0.0\user.config
c:\users\Donovan\AppData\Roaming\poclbm
c:\users\Donovan\AppData\Roaming\poclbm\poclbm.ini
c:\users\Donovan\AppData\Roaming\Waolq
c:\users\Donovan\AppData\Roaming\Waolq\mequo.atq
c:\users\Donovan\AppData\Roaming\Wuko
c:\users\Donovan\AppData\Roaming\Wuko\cune.uwa
c:\users\Donovan\Documents\~WRD0000.tmp
c:\users\Donovan\msdata
c:\windows\SysWow64\tmp9353.tmp
c:\windows\SysWow64\tmp9373.tmp
c:\windows\SysWow64\tmpBE10.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-04-11 to 2014-05-11  ))))))))))))))))))))))))))))))
.
.
2014-05-11 22:33 . 2014-05-11 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-11 17:07 . 2014-05-11 17:07 -------- d-----w- c:\program files (x86)\ESET
2014-05-11 15:27 . 2014-03-06 08:15 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-11 04:55 . 2014-05-11 04:55 -------- d-----w- c:\program files\AVAST Software
2014-05-11 04:54 . 2014-05-11 04:54 -------- d-----w- c:\programdata\AVAST Software
2014-05-11 04:43 . 2014-05-11 04:43 -------- d-----w- c:\program files\Bitdefender
2014-05-11 04:39 . 2014-05-11 04:39 0 ----a-w- c:\windows\system32\BDSandBoxUISkin32.dll
2014-05-11 04:39 . 2014-05-11 04:39 0 ----a-w- c:\windows\system32\BDSandBoxUISkin.dll
2014-05-11 04:39 . 2014-05-11 04:39 0 ----a-w- c:\windows\system32\BDSandBoxUH.dll
2014-05-11 04:29 . 2014-05-11 04:43 -------- d-----w- c:\program files\Common Files\Bitdefender
2014-05-11 04:28 . 2014-05-11 04:28 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2014-05-11 04:16 . 2014-05-11 04:16 -------- d-----r- C:\Sandbox
2014-05-11 04:13 . 2014-05-11 04:13 -------- d-----w- c:\program files\Sandboxie
2014-05-11 04:02 . 2014-05-11 04:02 -------- d-----w- c:\users\Donovan\AppData\Local\MFAData
2014-05-11 04:02 . 2014-05-11 04:02 -------- d-----w- c:\users\Donovan\AppData\Local\Avg2014
2014-05-11 03:41 . 2014-05-11 03:41 -------- d-----w- c:\windows\system32\drivers\en-US
2014-05-11 03:36 . 2014-05-11 03:36 -------- d-----w- c:\program files\Microsoft.NET
2014-05-11 03:25 . 2014-05-11 03:25 -------- d-----w- c:\programdata\VS
2014-05-11 03:21 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-05-11 03:21 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-05-11 03:21 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-11 03:21 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-11 03:21 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-05-11 03:21 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2014-05-11 03:21 . 2013-10-02 01:29 62976 ----a-w- c:\windows\system32\tsgqec.dll
2014-05-11 03:21 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-05-11 03:21 . 2013-10-02 00:08 83968 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-05-11 03:21 . 2013-10-02 00:01 420864 ----a-w- c:\windows\system32\wksprt.exe
2014-05-11 03:21 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2014-05-11 03:21 . 2013-10-01 20:57 6578176 ----a-w- c:\windows\system32\mstscax.dll
2014-05-11 02:05 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-05-11 02:05 . 2013-09-25 02:26 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-11 02:05 . 2013-09-25 02:26 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-05-11 02:05 . 2013-09-25 02:23 28672 ----a-w- c:\windows\system32\sspisrv.dll
2014-05-11 02:05 . 2013-09-25 02:23 135680 ----a-w- c:\windows\system32\sspicli.dll
2014-05-11 02:05 . 2013-09-25 02:23 28160 ----a-w- c:\windows\system32\secur32.dll
2014-05-11 02:05 . 2013-09-25 02:22 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-11 02:05 . 2013-09-25 02:21 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-11 02:05 . 2013-09-25 02:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-11 02:05 . 2013-09-25 01:03 30720 ----a-w- c:\windows\system32\lsass.exe
2014-05-11 02:05 . 2013-07-04 12:18 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2014-05-11 02:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-05-11 02:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-05-11 02:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-05-11 02:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-05-11 00:58 . 2014-05-11 01:40 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 00:50 . 2014-05-11 00:52 -------- dc----w- c:\users\Donovan\AppData\Local\MigWiz
2014-05-11 00:49 . 2014-05-11 01:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-10 20:54 . 2014-05-10 20:54 -------- d-----w- c:\windows\ERUNT
2014-05-10 13:18 . 2014-05-10 20:15 -------- d-----w- C:\AdwCleaner
2014-05-10 00:37 . 2014-05-10 00:37 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-05-10 00:37 . 2014-05-10 00:37 859648 ----a-w- c:\windows\system32\tdh.dll
2014-05-10 00:37 . 2014-05-10 00:37 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-05-10 00:37 . 2014-05-10 00:37 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-05-10 00:37 . 2014-05-10 00:37 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-05-09 21:41 . 2014-05-09 21:41 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-09 21:33 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-09 21:33 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-09 21:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-09 21:33 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-09 20:55 . 2014-05-09 20:58 -------- d-----w- c:\windows\system32\MRT
2014-05-09 20:51 . 2014-05-09 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2014-05-09 20:51 . 2014-05-09 20:51 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-05-09 20:41 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2014-05-09 20:40 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2014-05-09 20:31 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-05-09 20:08 . 2014-05-09 20:08 -------- d-----w- c:\programdata\AVG
2014-05-09 20:07 . 2014-05-09 20:07 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-08 20:13 . 2014-05-08 20:13 -------- d-----w- c:\program files (x86)\GUM3570.tmp
2014-05-08 20:12 . 2014-05-08 20:12 -------- d-----w- c:\program files (x86)\GUMCC62.tmp
2014-05-08 20:12 . 2014-05-08 20:12 -------- d-----w- c:\program files (x86)\GUM7C5F.tmp
2014-05-07 18:43 . 2014-05-07 18:44 -------- d-----w- c:\users\Donovan\AppData\Local\DynamicPricer
2014-05-07 18:43 . 2014-05-07 18:43 -------- d-----w- c:\users\Donovan\AppData\Local\19504
2014-04-29 13:07 . 2014-04-29 13:07 -------- d-----w- c:\program files\Crytek
2014-04-19 20:20 . 2014-04-30 17:23 -------- d-----w- c:\users\Donovan\AppData\Local\wf-launcher
2014-04-19 20:20 . 2014-04-19 20:20 -------- d-----w- c:\program files (x86)\Crytek
2014-04-17 21:11 . 2014-05-11 01:32 -------- d-sh--w- c:\program files (x86)\Windows Manager
2014-04-17 14:35 . 2014-04-17 14:42 -------- d-----w- c:\program files (x86)\Finn and Jake's Epic Quest
2014-04-15 15:37 . 2014-04-15 15:40 -------- d-----w- c:\users\Donovan\AppData\Roaming\Notepad++
2014-04-15 15:37 . 2014-04-15 15:37 -------- d-----w- c:\program files (x86)\Notepad++
2014-04-15 11:02 . 2014-04-15 11:02 -------- d-----w- c:\program files (x86)\NCSOFT
2014-04-15 11:02 . 2014-04-15 11:02 -------- d-----w- c:\users\Donovan\AppData\Roaming\NCSOFT
2014-04-15 11:02 . 2014-04-15 11:02 -------- d-----w- c:\users\Donovan\AppData\Local\NCSOFT
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-11 03:28 . 2013-07-10 19:00 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2014-05-10 00:38 . 2014-05-10 00:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-05-10 00:38 . 2014-05-10 00:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-05-10 00:38 . 2014-05-10 00:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-05-10 00:38 . 2014-05-10 00:38 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-10 00:38 . 2014-05-10 00:38 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-10 00:38 . 2014-05-10 00:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-05-10 00:37 . 2014-05-10 00:37 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-05-10 00:37 . 2014-05-10 00:37 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-05-10 00:37 . 2014-05-10 00:37 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-05-10 00:37 . 2014-05-10 00:37 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-05-07 17:16 . 2013-10-23 12:15 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-04-30 17:03 . 2012-04-27 14:45 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 17:03 . 2011-12-02 15:13 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 00:07 . 2014-04-04 00:07 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-31 01:51 . 2011-12-02 14:01 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-25 23:12 . 2014-03-25 23:12 77824 ----a-r- c:\users\Donovan\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\ARPPRODUCTICON.exe
2014-03-25 23:12 . 2014-03-25 23:12 77824 ----a-r- c:\users\Donovan\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_BA6F52370FB84CB79FA120E96853A4F3.exe
2014-03-25 23:12 . 2014-03-25 23:12 77824 ----a-r- c:\users\Donovan\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_4928C3DDAA574E9788505A94F934E31D.exe
2014-03-21 20:50 . 2012-08-14 14:36 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-03-17 09:16 . 2014-04-04 15:07 10521840 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04A9621C-DEAB-4E84-866C-3280FB01C10F}\mpengine.dll
2014-03-16 16:12 . 2012-04-21 18:23 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-16 16:12 . 2011-12-08 15:28 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-16 14:53 . 2011-12-08 15:28 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-04 09:17 . 2014-05-11 02:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-05-11 02:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-05-11 02:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-05-11 02:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-05-11 02:06 2048 ----a-w- c:\windows\SysWow64\user.exe
2002-06-04 07:59 . 2002-06-04 07:59 204800 ----a-w- c:\program files (x86)\Restoration.exe
2002-03-31 03:35 . 2002-03-31 03:35 6144 ----a-w- c:\program files (x86)\DLL16.DLL
2002-03-21 08:20 . 2002-03-21 08:20 204849 ----a-w- c:\program files (x86)\DLL32.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-04-23 1825984]
"GoogleChromeAutoLaunch_BC8BDEB63AAFCA969EBAB877659FCB65"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-09 859464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-11-29 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-11 3873704]
.
c:\users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Donovan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VirtDiskBus64.sys [x]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0700Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Donovan\AppData\Local\Temp\005B434.tmp;c:\users\Donovan\AppData\Local\Temp\005B434.tmp [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 PCWinSoft;ScreenCamera Video Camera;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\scrcamhrdrv_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 00:41 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 17:03]
.
2014-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747785543-1256656071-13493864-1000Core.job
- c:\users\Donovan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-30 17:07]
.
2014-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747785543-1256656071-13493864-1000UA.job
- c:\users\Donovan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-30 17:07]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 15:13]
.
2014-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-11 05:05 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Donovan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = google
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = google
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Klant openen op monitor &1 - c:\windows\web\AOpenClient.htm
IE: Klant openen op monitor &2 - c:\windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.2
TCP: Interfaces\{E2EF067D-707D-46CD-B867-7E92A9EE86BE}: NameServer = 8.8.8.8,6.6.6.6
TCP: Interfaces\{F34DEC68-ACE6-4824-AD9A-FA76C7791318}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F34DEC68-ACE6-4824-AD9A-FA76C7791318}\2557574613: NameServer = 8.8.8.8,6.6.6.6
TCP: Interfaces\{F34DEC68-ACE6-4824-AD9A-FA76C7791318}\9434944455: NameServer = 8.8.8.8,6.6.6.6
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Donovan\AppData\Roaming\Mozilla\Firefox\Profiles\xfa57450.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-Run-Copy - c:\users\Donovan\AppData\Roaming\Copy\CopyAgent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{83BEA36E-7680-4598-A4DF-994426F6E78D} - (no file)
ShellIconOverlayIdentifiers-{845B7388-6F85-4F32-9FD5-F02DC7882B89} - (no file)
ShellIconOverlayIdentifiers-{F6378A7A-F753-449B-AE1B-997A96132E61} - (no file)
ShellIconOverlayIdentifiers-{3A511828-777D-46F8-82F4-5B530C1B3D9E} - (no file)
ShellIconOverlayIdentifiers-{C8C88204-5B14-40EC-BA72-8AEBC762047E} - (no file)
ShellIconOverlayIdentifiers-{ACFF45C3-3EEB-4351-86C2-6696BA264239} - (no file)
ShellIconOverlayIdentifiers-{29AF997F-488B-46F0-AE78-7146F1B89CC3} - (no file)
ShellIconOverlayIdentifiers-{03F9AD29-1C78-4B66-8890-B177B5430C53} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Game Booster_is1 - c:\program files (x86)\IObit\Game Booster 3\unins000.exe
AddRemove-Hitman Absolution_is1 - c:\program files (x86)\SQUARE ENIX\Hitman Absolution\unins000.exe
AddRemove-Kaspersky Password Manager_is1 - c:\program files (x86)\Kaspersky Lab\Kaspersky Password Manager\unins000.exe
AddRemove-Unity - c:\program files (x86)\Unity\Editor\Uninstall.exe
AddRemove-{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1 - c:\program files (x86)\Square Enix\FINAL FANTASY VII\unins000.exe
AddRemove-Samsung Galaxy S4 Toolkit - c:\samsunggalaxys4toolkit\Uninstal.exe
AddRemove-UnityWebPlayer - c:\users\Donovan\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Donovan\AppData\Local\Temp\005B434.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:91,40,94,1f,e6,44,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,2f,d9,1b,cd,57,83,4a,b5,39,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,2f,d9,1b,cd,57,83,4a,b5,39,cd,\
.
[HKEY_USERS\S-1-5-21-1747785543-1256656071-13493864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1747785543-1256656071-13493864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1747785543-1256656071-13493864-1000\Software\SecuROM\License information*]
"datasecu"=hex:8b,39,84,a2,e4,6a,2a,30,90,79,47,d4,89,31,69,20,74,11,3a,37,41,
  38,c5,f1,97,64,01,da,69,ab,c9,94,9b,f4,82,7b,38,a3,a4,56,7a,65,ca,0c,3d,cf,\
"rkeysecu"=hex:d5,08,b7,83,83,8c,ca,b4,f7,56,32,69,51,1f,94,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Donovan\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
.
**************************************************************************
.
Voltooingstijd: 2014-05-12  00:51:18 - machine werd herstart
ComboFix-quarantined-files.txt  2014-05-11 22:51
.
Pre-Run: 219.636.633.600 bytes beschikbaar
Post-Run: 221.625.348.096 bytes beschikbaar
.
- - End Of File - - 6F61F3B343E9E4BD13E29810CD06E744
A36C5E4F47E84449FF07ED3517B43A31

Post by MrNiceDonovan on 11th May 2014, 10:56 pm

Antiviruses still didn't find the virus that's in my browser making a lot of words into annoying green links

Post by Superdave on 11th May 2014, 11:27 pm

The log shows that Avast is out-of-date. Please get the updates at your earliest convenience.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.
Normally, I would fix these using ComboFix but since it's running from an incorrect location I cannot do that. We'll try this and see if it works.

Please download HijackThis to your Desktop.

  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.
  • Open HijackThis and select Do a system scan only
  • Place a check mark next to the following entries: (if there)

    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com


  • Important: Close all open windows except for HijackThis and then click Fix checked.
    Once completed, exit HijackThis.

****************************************
Antiviruses still didn't find the virus that's in my browser making a lot of words into annoying green links.
What browser are you using? Can you provide me with a screenshot?

When I try to install MBAM it gives me error 5: access denied.
At what point do you receive this error? Can you try to install it in Safe Mode?

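One way to confirm that the four Trusted Zone entries named in the post above are really gone after the fix, as an added example that is not part of the original post. It assumes the entries live in the per-user zone map under HKCU (the same layout exists under HKLM); the registry text is constructed and the function names are chosen here.

```python
"""Check which sites a `reg export` of ZoneMap\\Domains maps to each IE zone."""

# Zone numbers as Internet Explorer stores them in the registry.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
TRUSTED = 2
MARKER = "\\zonemap\\domains\\"
BASE = (r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
# Real input: run `reg export` on the key named in BASE (without the "["),
# then read the file with open(path, encoding="utf-16"); reg.exe writes UTF-16.


def parse_zone_map(reg_text):
    """Return (hive, site, protocol, zone) tuples found in .reg export text."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            if pos == -1:
                current = None  # the Domains key itself or an unrelated key
                continue
            hive = key.split("\\", 1)[0]
            # Domains\example.net\www stores the site www.example.net
            parts = key[pos + len(MARKER):].split("\\")
            current = (hive, ".".join(reversed(parts)))
        elif current and "=dword:" in line:
            name, _, data = line.partition("=dword:")
            try:
                zone = int(data, 16)
            except ValueError:
                continue  # malformed value, skip it
            # The value name is the protocol ("http", "https" or "*" for any).
            entries.append((current[0], current[1], name.strip('"'), zone))
    return entries


def sites_in_zone(entries, zone=TRUSTED):
    """Sorted (site, protocol) pairs assigned to the given zone."""
    return sorted({(site, proto) for _hive, site, proto, z in entries if z == zone})


def combofix_trusted(log_text):
    """Domains that a ComboFix log reports as 'Trusted Zone: <domain>'."""
    return [l.split(":", 1)[1].strip() for l in log_text.splitlines()
            if l.strip().startswith("Trusted Zone:")]


def still_trusted(log_text, reg_text):
    """ComboFix-reported domains that the export still maps to Trusted sites."""
    trusted = {site for site, _proto in sites_in_zone(parse_zone_map(reg_text))}
    return [d for d in combofix_trusted(log_text)
            if any(s == d or s.endswith("." + d) for s in trusted)]


def _sample(rows):
    """Build constructed .reg text from (path under Domains, value name, zone)."""
    body = "".join('%s\\%s]\n"%s"=dword:%08x\n\n' % (BASE, path, name, zone)
                   for path, name, zone in rows)
    return "Windows Registry Editor Version 5.00\n\n" + BASE + "]\n\n" + body


# The four lines as they appear in the ComboFix log earlier in this thread.
COMBOFIX_LINES = """\
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
"""

# Constructed exports: before the fix, and after it (example.* rows are filler).
REG_BEFORE = _sample([("clonewarsadventures.com", "*", 2), ("freerealms.com", "*", 2),
                      ("soe.com", "*", 2), ("sony.com", "*", 2),
                      ("example.net\\www", "https", 2), ("example.org", "http", 4)])
REG_AFTER = _sample([("example.net\\www", "https", 2), ("example.org", "http", 4)])

if __name__ == "__main__":
    for label, text in (("before", REG_BEFORE), ("after", REG_AFTER)):
        print(label, "- still trusted:", still_trusted(COMBOFIX_LINES, text))
        for site, proto in sites_in_zone(parse_zone_map(text)):
            print("   ", ZONE_NAMES[TRUSTED], "<-", site, "(%s)" % proto)
```

An empty "still trusted" list for the export taken after the fix means none of the reported domains remain in the Trusted sites zone for that user.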

Post by MrNiceDonovan on 11th May 2014, 11:45 pm

I'm using Chrome,
Those green links you see are very annoying pop-ups. The 'hide ads' you see are also part of the virus
trying safe mode again,

Post by MrNiceDonovan on 11th May 2014, 11:57 pm

Install also doesn't work on safe mode, it can't create/delete the malwarebyte map in program files, doesn't have the permission I think, the problem is I don't have the permission to, even if I give myself permission, this also seems to be with avast folder, my old eset folder with nothing in it, and some old files with 'reset' in their names and this is also the reason why I couldn't install antiviruses in the first place

Post by MrNiceDonovan on 12th May 2014, 12:04 am

Tried installing on desktop/different places even my external hdd. All doesn't work. Updating my anti-virus also doesn't work.
Lost my task manager after last reboot (tried that fix program)

What's going on with my computer!? I need it for my exams starting Tuesday...let's hope I can find another pc in time
Nevertheless, thank you for all your help and all the help you are going to give me further

Post by Superdave on 12th May 2014, 12:21 am

Could you try uninstalling and re-installing Chrome?

Please download [You must be registered and logged in to see this link.] to the desktop and run it on the computer with the issue.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Make sure FRST is run under administrator privileges.
Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Post by MrNiceDonovan on 12th May 2014, 12:43 am

Alright, there are links in the log so I can't post them and the logs are extremely long (mostly the one month old things)

Post by MrNiceDonovan on 12th May 2014, 12:44 am

I do have the FSS log

Farbar Service Scanner Version: 03-05-2014
Ran by Donovan (administrator) on 12-05-2014 at 02:27:37
Running from "C:\Users\Donovan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Post by MrNiceDonovan on 12th May 2014, 12:52 am

I tried editing out the links but it doesn't work, I know you don't like it but here are the logs to download for you

Post by Superdave on 12th May 2014, 1:36 am

I can't understand what's up with your computer. Are you certain that you're following the instructions to install and run MBAM?

Post by MrNiceDonovan on 12th May 2014, 2:00 am

Yes, I tried what I can, safemode, giving myself permissions, etc.

I don't get it either. Can't we try something like remote control?
You controlling my pc via your pc? I don't know I really need my pc.

Post by Superdave on 12th May 2014, 2:27 pm

If we could get MBAM running I'm sure it will help.

Post by MrNiceDonovan on 12th May 2014, 3:10 pm

Is there any other way I can get mbam on my pc?

Post by Superdave on 12th May 2014, 6:15 pm

Let's try something else.
Do you have the Windows 7 disk?

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

Post by MrNiceDonovan on 12th May 2014, 8:53 pm

Well, my pc seems virus free, scanned it a couple times, no threats found

Post by Superdave on 12th May 2014, 10:14 pm

But, yet you can't install MBAM.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Post by MrNiceDonovan on 12th May 2014, 10:37 pm

Currently scanning. But it's taking its time, 11% 20 minutes in

Post by MrNiceDonovan on 13th May 2014, 4:22 pm

Eset scan took hours and hours to almost complete, then the program crashed at 86%, no log, no nothing. Gotta do it all again

Post by Superdave on 13th May 2014, 5:59 pm

There's something weird going on with that computer. It shouldn't take that long.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.
B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

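SFC writes its per-file results to %windir%\Logs\CBS\CBS.log on lines tagged [SR]. The following added example, which is not part of the original post, lists which files were repaired and which could not be; the log lines are constructed, with hypothetical file and component names, and summarize_sfc is a name chosen here.

```python
"""Summarise System File Checker results from the [SR] lines of CBS.log."""
import re

# Timestamp, level, "CSI" source, 8-hex-digit sequence number, then the [SR] message.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+"
    r"[0-9a-fA-F]{8}\s+\[SR\] (?P<msg>.*)$")
CANNOT = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<comp>[^,]+),')
REPAIRED = re.compile(
    r'^Repairing corrupted file .*\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" from store')


def summarize_sfc(cbs_text):
    """Return the unrepairable and repaired files named on [SR] lines."""
    unrepairable, repaired, sr_lines = {}, {}, 0
    for line in cbs_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # CBS.log also holds servicing entries that SFC did not write
        sr_lines += 1
        msg = m.group("msg")
        hit = CANNOT.match(msg)
        if hit:
            # Keyed by file name, so a file reported more than once counts once.
            unrepairable.setdefault(hit.group("file"), hit.group("comp"))
            continue
        hit = REPAIRED.match(msg)
        if hit:
            repaired.setdefault(hit.group("file"), m.group("ts"))
    return {"sr_lines": sr_lines,
            "unrepairable": list(unrepairable.items()),
            "repaired": list(repaired)}


# Constructed CBS.log excerpt (hypothetical files example1.dll and example2.exe).
SAMPLE_CBS = r'''
2014-05-13 19:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-13 19:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-05-13 19:02:39, Info                  CSI    0000000b Hashes for file member \SystemRoot\WinSxS\example\example1.dll do not match actual file [l:24{12}]"example1.dll" :
2014-05-13 19:02:40, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-13 19:02:41, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe" from store
2014-05-13 19:02:44, Info                  CSI    0000000e [SR] Verify complete
2014-05-13 19:03:10, Info                  CSI    0000000f [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
'''

if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS)
    print("[SR] lines read:", result["sr_lines"])
    for name, component in result["unrepairable"]:
        print("could not repair:", name, "(component %s)" % component)
    for name in result["repaired"]:
        print("repaired from store:", name)
```

On a real machine, read the log from an elevated prompt and pass its text to summarize_sfc; the files it lists as unrepairable are the ones that need a good source such as the installation media.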

Post by MrNiceDonovan on 13th May 2014, 7:11 pm

Found some damaged files, they can't all be restored, you want the log?

Post by Superdave on 13th May 2014, 7:20 pm

MrNiceDonovan wrote: Found some damaged files, they can't all be restored, you want the log?
No. Do you have your OS disk or do you have the Recovery Console on that computer?

Post by MrNiceDonovan on 13th May 2014, 7:26 pm

I think if I search a little I can find my OS lying around here somewhere.

Post by Superdave on 13th May 2014, 10:07 pm

MrNiceDonovan wrote: I think if I search a little I can find my OS lying around here somewhere.
If you can find the OS disk, pop it in and run the SFC again. It should replace the files.


Post by MrNiceDonovan on 13th May 2014, 10:23 pm

sadly I was wrong, only found the case it was in, cd disk is gone


Post by Superdave on 13th May 2014, 10:31 pm

MrNiceDonovan wrote: sadly I was wrong, only found the case it was in, cd disk is gone
Ok. Please try hitting F8 while your computer is booting to see if there is an option to repair your computer.


Post by MrNiceDonovan on 13th May 2014, 10:34 pm

Alright, I am going to do that now.


Post by MrNiceDonovan on 14th May 2014, 11:14 pm

That did not work, computer wouldn't start anymore for a while, just restarted it again and again and now it starts again.


Post by Superdave on 15th May 2014, 12:14 am

If you can find your OS disk you may be able to borrow one to run the SFC scan and repair the files but it must be exactly the same version that's on your computer.
