1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

0Access remnants? 0x80096001 MSE+Windows update fail

Discussion in 'Malware Removal' started by BaggedCat, Dec 22, 2011.

  1. BaggedCat

    BaggedCat Private E-2

    Hello,
    after removal of some trojan/0Access, i thought the pc was ok. a week later when doing the weekly scan i find out i get theses errors whenever i try to update:

    Microsoft Security Essentials
    Virus and spyware definitions update failed
    Security Essentials couldn't check for virus and spyware definition updates due to an Internet or newtowk connectivity issue.
    Error code 0x80096001

    Windows Update
    Windows could not search for new updates
    An error occurred while checking for new updates for your computer.
    Code 80096001

    (Inspiron 1545, Vista Home Basic, service pack2, 32bit OS)

    I went through the README.
    All went well except ComboFix. On running, it extracted, had a message to turn off MSE, I unchecked the real time protection in MSE, when I cliked ok to continue in ComboFix it just closed that window.
    all other logs attached

    Thanks in advance
     

    Attached Files:

  2. BaggedCat

    BaggedCat Private E-2

    Oh forgot to add the pc seems to run fine. no other noticable issues except:

    Windows Update wont update
    MSE wont update
    Windows defender and Windows Firewall wont turn on either so I'm using COMODO firewall for the time being.
    Also in Windows Security Centre it is odd that the malware protection tab states that MSE is not turned on although in the system tray MSE is 'green'/'protected'

    Internet is fine.
    pc speed is fine.
    IE is working ok. no redirecting or anything anymore.
    The only other thing i ran was avg remover.
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, BaggedCat!

    [​IMG] From Programs and Features (via Control Panel), please uninstall the below:
    • COMODO Internet Security <--- you can reinstall AFTER malware removal
    • Java(TM) 6 Update 30 <--- Outdated
    • Microsoft Security Essentials <--- you can reinstall AFTER malware removal

    Now reboot your PC

    [​IMG] Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe
    • Go to Start Repairs tab.
    • Choose "Custom Mode" and press "Start".
    • Create a System Restore point if prompted.
    • In the Custom Mode window, select the following repair options:
      • Reset Registry Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • If asked to reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before accepting to restart.

    [​IMG] I want you to read and follow these instructions: TDSSKiller - How to run

    [​IMG] First, delete your existing ComboFix.exe.
    Then download a new copy of ComboFix from here to your desktop.
    Now run ComboFix.exe and attach the newest ComboFix.txt log to your next post. (How to attach)

    [​IMG] Backup Your Registry with ERUNT

    • Please download Erunt
    • Run the setup program to install ERUNT on your computer
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

    [​IMG] Please download MiniRegTool.zip and unzip it.

    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSDRV\0000
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv

    • Check List Permissions radio button.
    • Press Go button and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.
     
  4. BaggedCat

    BaggedCat Private E-2

    Hello, thank you, much appreciated.

    COMODO Internet Security <--- removed ok
    Java(TM) 6 Update 30 <--- removed
    Microsoft Security Essentials <--- Error msg: missing filter manager rollup package 0x8004FF56. Restarted PC, MSE removed

    windows repair ran ok.
    TDSSKiller ran ok.
    Found unsigned objects
    Service:MREMP50
    Service:MRESP50
    Suspicious object, medium risk - Skipped
    ComboFix ran ok.
    ERUNT ran ok.
    Minireg ran ok.

    attached.
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    [​IMG] The items TDSSKiller found are OK. Don't remove them.

    We still have some work to do before we attempt to fix the firewall. Continue on with the below:

    [​IMG] Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    [COLOR="DarkRed"]KillAll::[/COLOR]
    [COLOR="DarkRed"]Driver::[/COLOR]
    cbveixlv
    MpKsl05597efb
    MpKsl0d6da5cd
    MpKsl1fbcf0bd
    MpKsl26e99f4c
    MpKsl2e0dc310
    MpKsl2e19aae2
    MpKsl346a9a34
    MpKsl383b352a
    MpKsl3e057976
    MpKsl66b673b4
    MpKsl7cd5bf15
    MpKsl8fd162e1
    MpKsl91e327c5
    MpKsl9401ce46
    MpKsl94f5cfac
    MpKsl973f11aa
    MpKsl9a9babd5
    MpKsla7809f5d
    MpKsla7a34570
    MpKslaade0620
    MpKslb0cedc53
    MpKslb16af39f
    MpKslc9b62ea2
    MpKslebb3e271
    MpKslf5842ae2
    [COLOR="DarkRed"]File::[/COLOR]
    c:\windows\system32\drivers\cbveixlv.sys
    [COLOR="DarkRed"]Folder::[/COLOR]
    c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    c:\programdata\Microsoft\Microsoft Antimalware
    c:\users\vicky\AppData\Local\3fef0066
    [COLOR="DarkRed"]RegLock::[/COLOR]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:87,3d,09,a3,a9,be,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9d,05,43,45,d0,87,48,9d,f0,bd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9d,05,43,45,d0,87,48,9d,f0,bd,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.PARTIAL"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.WEBSITE"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    [​IMG]
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)
     
  6. BaggedCat

    BaggedCat Private E-2

    ok, log added from dragging script onto combofix attached.

    and have a merry christmas!
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Merry Christmas to you too ;)

    It looks like we are ready to attempt to restore the firewall.

    Open this folder: C:\MGtools
    Inside this folder look for FixWFW.bat
    When you find it, right-mouse click it once and select "Run As Administrator".
    This only takes a split second to run.

    Now reboot your PC

    When you have rebooted, test out your firewall. It may be on now.

    [​IMG] Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  8. BaggedCat

    BaggedCat Private E-2

    yay, firewall is on.

    new MGLogs.zip attached
     

    Attached Files:

  9. thisisu

    thisisu Malware Consultant

    Great :)

    [​IMG] Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    O18 - Protocol: KuGoo - (no CLSID) - (no file)
    O18 - Protocol: KuGoo3 - (no CLSID) - (no file)


    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    [​IMG] Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    [COLOR="DarkRed"]KillAll::[/COLOR]
    [COLOR="DarkRed"]ClearJavaCache::[/COLOR]
    [COLOR="DarkRed"]DirLook::[/COLOR]
    C:\Users\vicky\AppData\Local\{0033BDCD-B272-4816-8B80-F8FAF73BA0B5}
    C:\Users\vicky\AppData\Local\{007DA482-D2E9-49B9-B3F7-73798462E917}
    C:\Users\vicky\AppData\Local\{008BB260-17E0-44A6-A613-A0B68157C6E9}
    C:\Users\vicky\AppData\Local\{00C4FE1E-88DB-416F-B3EE-8EC0254E1FE9}
    C:\Users\vicky\AppData\Local\{01065EB0-7327-4EED-B9B2-87C422FA93B5}
    C:\Users\vicky\AppData\Local\{019D77EE-4D9F-4B91-8421-C1CF4721735A}
    C:\Users\vicky\AppData\Local\{01F0004C-D948-463F-8362-747AD2602F34}
    C:\Users\vicky\AppData\Local\{023BC08A-D78D-42F7-87D7-58AD8919553B}
    C:\Users\vicky\AppData\Local\{033AF53D-1EB8-4861-BC63-6EDE6E5071C4}
    C:\Users\vicky\AppData\Local\{04B2108A-8F96-4CAE-811B-63026D3D4A05}
    C:\Users\vicky\AppData\Local\{05159C92-140C-434D-AFB1-422DFA72F5BA}
    C:\Users\vicky\AppData\Local\{05E2043A-0B7D-4850-916D-4ABC60C73C28}
    C:\Users\vicky\AppData\Local\{07632ABA-1D2B-41EA-9DEF-C9E7F4EDD8F4}
    C:\Users\vicky\AppData\Local\{07A549CD-99B3-461E-B4DC-74614DE1E30A}
    C:\Users\vicky\AppData\Local\{094640BC-0216-487E-B2FA-A0128A81AA9E}
    C:\Users\vicky\AppData\Local\{099EBCBA-392D-4BAB-9B06-22C2030B674F}
    C:\Users\vicky\AppData\Local\{0A1EC6FE-8CBB-47F5-ACAB-6371B417C96A}
    C:\Users\vicky\AppData\Local\{0BEB45B3-0EB9-4699-A811-8BF2686E8B94}
    C:\Users\vicky\AppData\Local\{0C9414C1-31D7-4B3C-91B3-E528DA4D040B}
    C:\Users\vicky\AppData\Local\{0D24D941-9ECE-4305-B024-EE74DC869734}
    C:\Users\vicky\AppData\Local\{0EAD76BE-9A1A-4542-A765-9144A62EE2DF}
    C:\Users\vicky\AppData\Local\{0F0C4290-0485-4886-9A57-D071421F37AC}
    C:\Users\vicky\AppData\Local\{0F2039B1-9F47-4A89-A29F-985053ECF95F}
    C:\Users\vicky\AppData\Local\{0F347E88-9BD4-4A60-9B6A-01F620195810}
    C:\Users\vicky\AppData\Local\{0FF54D63-C6FF-4788-B227-1C1C1515044D}
    C:\Users\vicky\AppData\Local\{10B3CC2D-1AA7-4487-880F-2B9249334C4E}
    C:\Users\vicky\AppData\Local\{13C6859A-1FFE-4025-9524-4E942AF4AA0D}
    C:\Users\vicky\AppData\Local\{13F6FEE1-53E3-45DE-B1D7-8616FABDE502}
    C:\Users\vicky\AppData\Local\{15260D2A-A153-45AD-8ABF-438F14030C7C}
    C:\Users\vicky\AppData\Local\{177A12E1-9295-4AA6-AE0F-A59755C8CD11}
    C:\Users\vicky\AppData\Local\{180CB103-8EBE-4CB7-8DDD-AB9757C9873D}
    C:\Users\vicky\AppData\Local\{18B13824-0B7F-4920-8291-753953890C61}
    C:\Users\vicky\AppData\Local\{19105072-4886-4B31-8A86-28DE103AAA14}
    C:\Users\vicky\AppData\Local\{1A208E6D-E1F2-489C-9056-A430CC39BC09}
    C:\Users\vicky\AppData\Local\{1AAC836F-A9B4-412B-AC4B-29D5A93BDFCB}
    C:\Users\vicky\AppData\Local\{1B03DC05-B33B-4773-89EF-2834A7CF2621}
    C:\Users\vicky\AppData\Local\{1BA12603-6C55-412C-8554-4DB0D5CEF59E}
    C:\Users\vicky\AppData\Local\{1C6AB674-AB3E-4168-B3B8-D504E8816F62}
    C:\Users\vicky\AppData\Local\{1DA8A2FB-865F-438F-BF48-54397F11037A}
    C:\Users\vicky\AppData\Local\{1E36A0AF-AC3A-4963-8F1F-4089733B2DB6}
    C:\Users\vicky\AppData\Local\{20F9DC07-2FED-4CD0-9C86-8388D60B9BF2}
    C:\Users\vicky\AppData\Local\{21221E55-F84C-4B7C-8427-F35A98FB8B52}
    C:\Users\vicky\AppData\Local\{21418DD9-8743-433F-9616-77DAE48B7A23}
    C:\Users\vicky\AppData\Local\{223E7F16-0C59-4FEE-910C-582028C7A773}
    C:\Users\vicky\AppData\Local\{22BF174F-C41E-4B61-8EA0-AF4B2B01DB42}
    C:\Users\vicky\AppData\Local\{22CB0907-AB1B-4850-99B1-6E9A32A90947}
    C:\Users\vicky\AppData\Local\{240F62F2-D988-4733-AAF0-7F38C0A89666}
    C:\Users\vicky\AppData\Local\{2458892D-60A4-4918-8C41-FDEBACFBF389}
    C:\Users\vicky\AppData\Local\{249998B5-7184-4032-937A-38989F340449}
    C:\Users\vicky\AppData\Local\{25ED8F70-75EA-42C2-8630-7F3C4D3B40F9}
    C:\Users\vicky\AppData\Local\{2604BFA4-9117-454A-873B-E2F79883B38E}
    C:\Users\vicky\AppData\Local\{26D9EFE6-7AC7-41EE-BE4B-C9CAC1002E31}
    C:\Users\vicky\AppData\Local\{28C460CC-E251-4814-B998-EA57792EB6FE}
    C:\Users\vicky\AppData\Local\{28F1715C-D4DB-44B3-98A3-7134F12B6DA6}
    C:\Users\vicky\AppData\Local\{2A2A75C6-B383-4874-BE8B-11C58AC94878}
    C:\Users\vicky\AppData\Local\{2A512356-7F9A-4EA6-B063-7C41F68065B1}
    C:\Users\vicky\AppData\Local\{2A736131-ADEF-4730-88BB-4229F0E5D337}
    C:\Users\vicky\AppData\Local\{2B7912CC-8546-41A9-BA92-824AB7B888A2}
    C:\Users\vicky\AppData\Local\{2CD79D14-1856-4085-A102-FA77A390451A}
    C:\Users\vicky\AppData\Local\{2D7A2682-B86C-40DE-9C69-767DE1037B69}
    C:\Users\vicky\AppData\Local\{2EF04BD9-C5E1-4F06-B5F1-1ADD4DA45BA4}
    C:\Users\vicky\AppData\Local\{30A8EA0D-F56A-4FAC-B740-E8D42875BA1B}
    C:\Users\vicky\AppData\Local\{316774AE-C8A8-488B-8AEB-696AE60C922E}
    C:\Users\vicky\AppData\Local\{31E34A19-7E40-43B2-B905-88AFE15CC17A}
    C:\Users\vicky\AppData\Local\{31EF6A28-3318-4297-B38A-F10F3BC83594}
    C:\Users\vicky\AppData\Local\{3263C539-F486-4DC8-A2FA-CE2E0D08166A}
    C:\Users\vicky\AppData\Local\{32A3801C-2A93-449E-9755-AA6B4D76F917}
    C:\Users\vicky\AppData\Local\{32D44DB3-A345-4B58-9715-48155A368725}
    C:\Users\vicky\AppData\Local\{33576539-6324-47B1-AF05-02E413AC4DF1}
    C:\Users\vicky\AppData\Local\{33780847-F051-48E8-80C2-EDF13E545B6F}
    C:\Users\vicky\AppData\Local\{34B82413-3D2D-41E5-AA74-1595B0A93CF7}
    C:\Users\vicky\AppData\Local\{356DE570-01BC-44E8-8C0E-5EA637A59E67}
    C:\Users\vicky\AppData\Local\{358BBCDB-00AD-4C70-91C7-C6CC95236C5F}
    C:\Users\vicky\AppData\Local\{35C79E17-3E1E-475D-91DF-CF24E61DD74F}
    C:\Users\vicky\AppData\Local\{35F19296-A6B2-41C9-82A6-8C844ABF515D}
    C:\Users\vicky\AppData\Local\{374D7782-C494-44CD-9D73-845AE1F36AC6}
    C:\Users\vicky\AppData\Local\{3864CC6B-4D54-44BA-9F15-5AC675BD61BC}
    C:\Users\vicky\AppData\Local\{38C0B25C-E0F2-45D5-908C-89AEA3712C06}
    C:\Users\vicky\AppData\Local\{39F4F347-1376-41F3-9AD7-ED2126B0D399}
    C:\Users\vicky\AppData\Local\{3C5B0349-FFC5-4989-9DBD-0992DBB1C943}
    C:\Users\vicky\AppData\Local\{3D689A08-2886-4916-AFC3-7099143C7C9C}
    C:\Users\vicky\AppData\Local\{3DCC8E49-F2FA-459A-833A-593CFD38B9B5}
    C:\Users\vicky\AppData\Local\{3E6DE546-C468-46E8-BFCC-01A1E8F37B20}
    C:\Users\vicky\AppData\Local\{3F5DBF1F-E44B-47A8-BCC1-62BFF2B0B6B6}
    C:\Users\vicky\AppData\Local\{3FB42389-A031-4C50-88DC-ED2F99DDC08A}
    C:\Users\vicky\AppData\Local\{4075D620-8BEA-42EB-B33B-686BAAA7B2BE}
    C:\Users\vicky\AppData\Local\{40E0D9BA-8384-46BE-AD9E-A8886761FB51}
    C:\Users\vicky\AppData\Local\{414542D8-714F-4E8A-B648-A2A6CFA1DDB4}
    C:\Users\vicky\AppData\Local\{435EC4DE-731F-4609-A4B3-9625CFB899F9}
    C:\Users\vicky\AppData\Local\{44767BF9-79F5-4178-8FCA-4C8AF9251E76}
    C:\Users\vicky\AppData\Local\{44C2DC4D-CD1C-45D7-A254-33388E8EE37B}
    C:\Users\vicky\AppData\Local\{4557D51E-D7A5-45FE-A4DC-14B3F09223B2}
    C:\Users\vicky\AppData\Local\{45DAFD2F-97F9-4B05-B600-5DE932A668A5}
    C:\Users\vicky\AppData\Local\{46338AE6-0E54-4EB0-A693-E115DEA58853}
    C:\Users\vicky\AppData\Local\{4764F5AB-2AA4-4DDF-B73C-250A041C5977}
    C:\Users\vicky\AppData\Local\{49E93049-2B52-426A-A4C5-023AD5C1EA34}
    C:\Users\vicky\AppData\Local\{4A44EB14-C0CF-46AA-AB44-28431853212C}
    C:\Users\vicky\AppData\Local\{4AAC0768-D402-44B2-B02B-A7280CAB72F4}
    C:\Users\vicky\AppData\Local\{4B1D1A7F-15B2-4EC3-ACB6-C4F29A56BC7E}
    C:\Users\vicky\AppData\Local\{4C51B369-C19C-46A0-997E-BABAD7F089E6}
    C:\Users\vicky\AppData\Local\{4D8C7E3E-1195-4C30-AA96-B50618BA943E}
    C:\Users\vicky\AppData\Local\{4E0A14E3-2A6C-457D-8ACA-C20D12F9F37D}
    C:\Users\vicky\AppData\Local\{4E614173-1E19-47F0-A547-D1019A3CEDF0}
    C:\Users\vicky\AppData\Local\{4ED26206-7BC5-475C-B9F8-B5485BF629BE}
    C:\Users\vicky\AppData\Local\{50626E74-E239-4588-8F1E-C5DAF2F957E9}
    C:\Users\vicky\AppData\Local\{50D78E1B-9803-422E-BD68-B5A705089B7A}
    C:\Users\vicky\AppData\Local\{51299953-0623-4B9A-B525-4A9192D9705D}
    C:\Users\vicky\AppData\Local\{5262BA29-091C-419B-BAFB-EA58ACE3F9EB}
    C:\Users\vicky\AppData\Local\{53D8A97D-C2E9-4FBA-A871-8C53244C6725}
    C:\Users\vicky\AppData\Local\{55F70618-6D3D-4438-81F0-60CDEF7E1F83}
    C:\Users\vicky\AppData\Local\{563593B1-CF3D-47AB-B147-38B443C997D9}
    C:\Users\vicky\AppData\Local\{59F576C0-A37E-4E64-9AF8-6CD753C1AD77}
    C:\Users\vicky\AppData\Local\{5A72B6B5-02C3-42D1-865A-E9DB0737AC1E}
    C:\Users\vicky\AppData\Local\{5AA67064-79C3-4238-9537-14ACEE78E1F6}
    C:\Users\vicky\AppData\Local\{5AC9CD39-006F-44B5-B781-A83C5A64BE4F}
    C:\Users\vicky\AppData\Local\{5B408C5B-F448-4F63-AF28-B20F948D2D8F}
    C:\Users\vicky\AppData\Local\{5CCAAFB6-94F2-4784-9CD6-A0D026076B03}
    C:\Users\vicky\AppData\Local\{5DAD68D7-1EE4-4B1C-B29C-B523B12AD167}
    C:\Users\vicky\AppData\Local\{5DD7EC02-2A51-45BE-863D-2FB6C1AC6F5C}
    C:\Users\vicky\AppData\Local\{5DE394A6-81A9-4D1B-AA37-6F2A03061A50}
    C:\Users\vicky\AppData\Local\{5EB60413-357A-4916-AE36-F65C7669815E}
    C:\Users\vicky\AppData\Local\{5F86AE3B-A0DB-444C-8CB5-2C64ABC522A1}
    C:\Users\vicky\AppData\Local\{5FAD5F1F-FF88-4081-93D0-3BAF6438E7FD}
    C:\Users\vicky\AppData\Local\{5FE81721-6AD1-4CF3-BF0D-3BCF7922953A}
    C:\Users\vicky\AppData\Local\{604C2C49-3588-4FD4-AD57-91484EB95C85}
    C:\Users\vicky\AppData\Local\{612FA4AA-5F1C-4A40-903B-4DBABF5829B1}
    C:\Users\vicky\AppData\Local\{616E3BEA-0963-4E19-B184-DA1F2B7735E4}
    C:\Users\vicky\AppData\Local\{62AC31EB-B69D-4088-9250-747BB552987B}
    C:\Users\vicky\AppData\Local\{62B97A07-6924-4490-BC8E-9D79AA9B1C43}
    C:\Users\vicky\AppData\Local\{6375C0D3-41DF-4A2B-BC50-79D00A423DA8}
    C:\Users\vicky\AppData\Local\{644A7BA9-C938-4C6F-BF1C-8CF264D9C6DB}
    C:\Users\vicky\AppData\Local\{64A29311-B54A-4CFA-96BC-060C8FC483E5}
    C:\Users\vicky\AppData\Local\{64DD66B1-8BFB-41E3-91BD-4E72E7516890}
    C:\Users\vicky\AppData\Local\{64F363BD-E741-4454-B088-2025D4831A75}
    C:\Users\vicky\AppData\Local\{6595B027-AC4F-445E-A949-1ACF1DD7F88F}
    C:\Users\vicky\AppData\Local\{661E337D-3ADD-43D8-AF26-695BE21CA0E3}
    C:\Users\vicky\AppData\Local\{6783F1CB-F647-4001-9D93-B0CFF64020E4}
    C:\Users\vicky\AppData\Local\{6847A8E1-1849-4A0A-B6AE-2D5EEC5256A5}
    C:\Users\vicky\AppData\Local\{687D51B8-A08B-429E-8920-0617F0245D62}
    C:\Users\vicky\AppData\Local\{69C6930E-39D2-49EB-AEFB-FB5E65524AC5}
    C:\Users\vicky\AppData\Local\{6BA8C191-B1FD-4B50-9299-D90A76363CAE}
    C:\Users\vicky\AppData\Local\{6CCE8D75-5254-487A-A7FE-FBC7A4A91AFE}
    C:\Users\vicky\AppData\Local\{6D3A5EFA-5940-4493-BC12-56D21D0C26C5}
    C:\Users\vicky\AppData\Local\{6DB20799-67DC-4DB5-B0C0-67FC36A09162}
    C:\Users\vicky\AppData\Local\{6DEC9D1A-50C1-4352-B197-32C37AC558EE}
    C:\Users\vicky\AppData\Local\{6EB503EB-98CC-43CA-A9EC-25F11E884825}
    C:\Users\vicky\AppData\Local\{6F15AA74-5C9B-4CFD-9052-5D4C50CA03E3}
    C:\Users\vicky\AppData\Local\{700C6A04-F231-4F91-974A-32B2F957D826}
    C:\Users\vicky\AppData\Local\{709D1D5F-CD04-418D-9317-96E949C837E7}
    C:\Users\vicky\AppData\Local\{70A0FDDE-D74C-4E40-9CBE-8F72410881D7}
    C:\Users\vicky\AppData\Local\{7143F192-4817-4A83-A0AD-2F2979323788}
    C:\Users\vicky\AppData\Local\{7151444E-C2F5-4764-89C2-6CFD8CBFF073}
    C:\Users\vicky\AppData\Local\{724F4C18-DFC8-460C-977C-0FED3E6BA580}
    C:\Users\vicky\AppData\Local\{73296E43-5480-4723-B7D3-F460C692FF08}
    C:\Users\vicky\AppData\Local\{73E3F4E2-B5A3-4CEF-B6A6-3131FD8272F6}
    C:\Users\vicky\AppData\Local\{74F5BB8D-0C84-47A7-BB24-C10223767236}
    C:\Users\vicky\AppData\Local\{76C4DF5C-DEDC-4A41-A1EE-25195B637F4E}
    C:\Users\vicky\AppData\Local\{773C0B28-2D15-4440-B50F-AAE614DAFB65}
    C:\Users\vicky\AppData\Local\{7A434B2D-D37D-4BAD-BD51-24A44CA6F588}
    C:\Users\vicky\AppData\Local\{7A693059-6225-4A16-BDA9-7F96AD9CCAC8}
    C:\Users\vicky\AppData\Local\{7ADEDF4F-B36F-4DCC-9339-F1B30B7890B7}
    C:\Users\vicky\AppData\Local\{7CAA4960-B031-4F5C-8F5A-EF6391DD01EF}
    C:\Users\vicky\AppData\Local\{7D065DBE-A3E6-490A-B7DF-BF7ED1F6E239}
    C:\Users\vicky\AppData\Local\{7D1994FA-3221-4721-B0C0-412D565D3AC5}
    C:\Users\vicky\AppData\Local\{7E63625C-8F3C-477E-80C6-5F25E3EC6565}
    C:\Users\vicky\AppData\Local\{7F6B5412-4F72-45AE-9832-13311C02EEEB}
    C:\Users\vicky\AppData\Local\{7F7256F7-6649-4D65-AAC6-1AB3C47554CB}
    C:\Users\vicky\AppData\Local\{80D965A0-442A-43E7-9C18-88BCA587404A}
    C:\Users\vicky\AppData\Local\{82BE6153-0A9C-4B22-BEE5-E77B6FFCC529}
    C:\Users\vicky\AppData\Local\{83F25D44-7B22-4039-877E-B26CD1935311}
    C:\Users\vicky\AppData\Local\{8445182F-80A7-4AAD-87C1-FD5F8FFC6882}
    C:\Users\vicky\AppData\Local\{84D7F88C-D4DB-41F6-BF1F-2E73BB0A92A0}
    C:\Users\vicky\AppData\Local\{855C2C7F-1CAB-4A68-B876-E768549D55C9}
    C:\Users\vicky\AppData\Local\{855E1E39-075E-40FC-BC8A-4A6B7A8CC6B0}
    C:\Users\vicky\AppData\Local\{85608DD2-4A16-4E96-91B6-209A18AB0D19}
    C:\Users\vicky\AppData\Local\{85BE4582-C60F-4D89-A8F0-3F16C15C1A50}
    C:\Users\vicky\AppData\Local\{8681A09F-703E-4B28-AC2F-B3161C2D92CB}
    C:\Users\vicky\AppData\Local\{8A60DA7A-EE04-48C2-9331-ECA07E3F88AD}
    C:\Users\vicky\AppData\Local\{8B68F065-EA37-4AC2-B961-2B668F87D8B7}
    C:\Users\vicky\AppData\Local\{8C4AE6F4-AEFA-4BCA-8C3B-E6D7BB1BDB1D}
    C:\Users\vicky\AppData\Local\{8E46BD29-EEF7-4B47-89F5-F6A52A2A97B8}
    C:\Users\vicky\AppData\Local\{8E600F98-CE43-4E7F-9659-0D51B7B6DA35}
    C:\Users\vicky\AppData\Local\{906CCD89-3C1B-4E87-815D-558EAF303144}
    C:\Users\vicky\AppData\Local\{906ED6F4-5F10-49D4-A488-290DF49F5647}
    C:\Users\vicky\AppData\Local\{91C3601A-FAB5-4630-A7C5-ADAF075FFC6A}
    C:\Users\vicky\AppData\Local\{9262E5C1-9D50-4D50-ADB2-16F0A246F90F}
    C:\Users\vicky\AppData\Local\{93286195-E6CE-40C4-BA00-41A9ADB97206}
    C:\Users\vicky\AppData\Local\{9428C126-011E-4A6B-AC57-80962B71CB7C}
    C:\Users\vicky\AppData\Local\{9513D456-6BBD-4548-99DC-B723215478D4}
    C:\Users\vicky\AppData\Local\{967F37BE-F3D0-4B5D-AD2F-5EFD6F205084}
    C:\Users\vicky\AppData\Local\{979DDCF0-D5C1-4C79-9BE9-56D28348BBA8}
    C:\Users\vicky\AppData\Local\{987EAA77-ABFD-446D-AEF8-F408B81B29BC}
    C:\Users\vicky\AppData\Local\{98A0D4B7-9A33-40B4-AB1F-539CDAE713DE}
    C:\Users\vicky\AppData\Local\{9B63CB54-0C39-4465-B39F-88B3A2F0A9AC}
    C:\Users\vicky\AppData\Local\{9BEA627A-0817-4A1E-978A-E098871AED9E}
    C:\Users\vicky\AppData\Local\{9C72540F-86F4-436F-A1FD-32404DDBBFEF}
    C:\Users\vicky\AppData\Local\{9C91AFDD-E127-498E-B981-7AB25F4A434C}
    C:\Users\vicky\AppData\Local\{9CAD5124-055F-48C8-9714-27515C002C4C}
    C:\Users\vicky\AppData\Local\{9E747A09-6175-4259-9872-26753F6AFECC}
    C:\Users\vicky\AppData\Local\{9EA8FAC2-F214-4E58-8B85-E8C505E4C4EF}
    C:\Users\vicky\AppData\Local\{9FD64916-CE56-4545-AB45-941C16CC561B}
    C:\Users\vicky\AppData\Local\{A4A218A1-B593-4CF1-BF63-D48FDAB799B1}
    C:\Users\vicky\AppData\Local\{A4B2D48F-2FAD-4BD3-8F65-886BBD24FCE0}
    C:\Users\vicky\AppData\Local\{A4C0DB7D-6C82-4631-A43B-377A39D4F27E}
    C:\Users\vicky\AppData\Local\{A6F344A5-857C-4020-93BC-FF32FACD5928}
    C:\Users\vicky\AppData\Local\{A8B2E14E-9322-4F4C-890A-C1DCA4E3E188}
    C:\Users\vicky\AppData\Local\{A8ECB44C-B15E-409A-A450-A17928EBE5CB}
    C:\Users\vicky\AppData\Local\{A927B62B-999A-4714-8E76-D06CCA203A7D}
    C:\Users\vicky\AppData\Local\{AA3A95AA-6AA8-4172-80FA-5556304A3EAF}
    C:\Users\vicky\AppData\Local\{AB20AFD8-1B2B-4E13-BF24-C464ADB90558}
    C:\Users\vicky\AppData\Local\{AB2E79C3-77C7-4816-97CA-496F3E57C9EC}
    C:\Users\vicky\AppData\Local\{AD96CBC4-C273-4548-BBFA-40844EFC7613}
    C:\Users\vicky\AppData\Local\{AE69BEDB-6C1B-4BE9-B8D3-D7F0102898B8}
    C:\Users\vicky\AppData\Local\{AF1C86CC-08EF-493E-9CAD-49F218A479E0}
    C:\Users\vicky\AppData\Local\{AFB4177E-161C-44BA-8EAE-AD5527BA6C32}
    C:\Users\vicky\AppData\Local\{B00D7211-66F8-4096-9561-ED7F33EB9F56}
    C:\Users\vicky\AppData\Local\{B0C8DF5E-2CBD-49FC-848B-AC30DC5D5347}
    C:\Users\vicky\AppData\Local\{B202EA36-7328-480E-89F0-3DE990214AE7}
    C:\Users\vicky\AppData\Local\{B2272BD7-3BCD-4EDD-AC2E-D6268426054D}
    C:\Users\vicky\AppData\Local\{B253AC95-A0EF-46DA-BA13-C86E3FDDBD2D}
    C:\Users\vicky\AppData\Local\{B3874BDB-2E5E-4D91-B1CD-F4D6B5E8A3E5}
    C:\Users\vicky\AppData\Local\{B3E99C26-C5D4-4D7F-A9AF-ADCE45D2A5D0}
    C:\Users\vicky\AppData\Local\{B4C84CE4-DA13-4C8B-AF7A-E7DC428F52C7}
    C:\Users\vicky\AppData\Local\{B541A0EE-73AE-43D7-A7FA-E5D9B752AA8E}
    C:\Users\vicky\AppData\Local\{B5C2952F-E87D-4AA2-9AFD-C37BBE1A720A}
    C:\Users\vicky\AppData\Local\{B5F42DEE-CA6E-4CEC-92D9-345775B57326}
    C:\Users\vicky\AppData\Local\{B690764E-1104-4FB9-A762-52BFECFA60C6}
    C:\Users\vicky\AppData\Local\{B7206EEE-451A-42AD-8FAF-2ACA42A0B561}
    C:\Users\vicky\AppData\Local\{BA7011EC-0AE3-4B2F-BB01-506CE3AA4313}
    C:\Users\vicky\AppData\Local\{BC693746-FBA2-4F9D-A51D-5B9F5F9D6D7C}
    C:\Users\vicky\AppData\Local\{BCED5A0D-C99D-44E1-BFE6-58C871D8CE29}
    C:\Users\vicky\AppData\Local\{BCFC332F-D682-4B08-8AA9-DFA58AD745FC}
    C:\Users\vicky\AppData\Local\{BDB2029E-7697-4BAC-A8A0-AAC1E84B5574}
    C:\Users\vicky\AppData\Local\{BE3A80EC-9BC2-4836-AC0A-6C7FCDA13A95}
    C:\Users\vicky\AppData\Local\{C1306D69-C12D-4239-86B4-C6E074AA56D3}
    C:\Users\vicky\AppData\Local\{C1540795-C504-438A-A053-FFC4DB3C338D}
    C:\Users\vicky\AppData\Local\{C162EBBF-AC60-42E1-A642-2FC1A5EE1A02}
    C:\Users\vicky\AppData\Local\{C205D8B2-630A-4F11-8B03-D1A02E757926}
    C:\Users\vicky\AppData\Local\{C2FF2ECD-C8EA-4364-8F0E-885D1A7B390A}
    C:\Users\vicky\AppData\Local\{C4AA1350-E98E-49DF-8A2E-598FCC03D20C}
    C:\Users\vicky\AppData\Local\{C515F6D9-53AC-4212-AD65-C943A67BAAB5}
    C:\Users\vicky\AppData\Local\{C65DFADF-1FCB-48FB-9E36-4816F40BBCB9}
    C:\Users\vicky\AppData\Local\{C6CA562D-17B6-449F-8566-0D3888C8EA33}
    C:\Users\vicky\AppData\Local\{C7A53A73-6F76-41E8-B411-0AD275E9D963}
    C:\Users\vicky\AppData\Local\{C8644303-F5E0-4D8D-8CA1-F3794918C529}
    C:\Users\vicky\AppData\Local\{C8C39078-C089-4F58-8E14-20745C4EEB25}
    C:\Users\vicky\AppData\Local\{CB07A370-8482-464A-BB7A-4B62466CA620}
    C:\Users\vicky\AppData\Local\{CB5C7E1E-48F5-4CDF-A1A9-DC1C211614B2}
    C:\Users\vicky\AppData\Local\{CBABF205-DA60-4738-8E58-CC7C1DEDCF96}
    C:\Users\vicky\AppData\Local\{CBB78357-1265-4659-A321-9609134929B0}
    C:\Users\vicky\AppData\Local\{CC0CDC54-B747-4117-9A3F-27A058E3BB40}
    C:\Users\vicky\AppData\Local\{CC907145-2EB5-4126-8FD9-3826B2447F84}
    C:\Users\vicky\AppData\Local\{CCE146F5-5FCD-4817-9687-04D0A41FF40B}
    C:\Users\vicky\AppData\Local\{CE30A1D2-63C3-45A1-AAF5-7A2CCA8B406F}
    C:\Users\vicky\AppData\Local\{CF717364-80F2-405E-B2DC-AB1DC2856BA1}
    C:\Users\vicky\AppData\Local\{D0B466B4-978E-437E-9534-B918E33CF404}
    C:\Users\vicky\AppData\Local\{D10BF493-9900-4F93-BF2A-A5DB16003D7A}
    C:\Users\vicky\AppData\Local\{D1FA4B76-AEDD-47DE-BF8C-AE6631DA9034}
    C:\Users\vicky\AppData\Local\{D21F604F-D83F-443E-8C0E-AB8C0B0DB3B5}
    C:\Users\vicky\AppData\Local\{D2885067-FB5D-41F5-B48F-BB868F08A186}
    C:\Users\vicky\AppData\Local\{D7AD1FE1-E7D7-44B0-BA60-47885362CDDB}
    C:\Users\vicky\AppData\Local\{DB1C531D-770A-416A-ACE9-7C0F66E35AC5}
    C:\Users\vicky\AppData\Local\{DB9DCF3C-F98E-4C1F-81A7-980EB0E41797}
    C:\Users\vicky\AppData\Local\{DC6F41F7-2A0E-4ADB-B6FA-3AC068F01B89}
    C:\Users\vicky\AppData\Local\{DC955844-9A86-4F98-9F34-64F974539EBC}
    C:\Users\vicky\AppData\Local\{DC95B7D7-C481-4BA8-9CD9-1BE640155FAF}
    C:\Users\vicky\AppData\Local\{DCA5450C-C218-4EF4-80EC-A124925FF0DB}
    C:\Users\vicky\AppData\Local\{DCF7AD2F-F85E-4AFF-A302-A21ACBA53D2B}
    C:\Users\vicky\AppData\Local\{DD6013C1-45FE-410E-9F33-097A8BD8520C}
    C:\Users\vicky\AppData\Local\{E0A3832A-4628-4B85-8571-BAAA737FC9CB}
    C:\Users\vicky\AppData\Local\{E0B6F5DA-7B5A-41B9-A3C9-FAD596305724}
    C:\Users\vicky\AppData\Local\{E0E3AA9B-5626-422E-A45A-B42C7BBD1DD0}
    C:\Users\vicky\AppData\Local\{E148E21F-27CF-458F-8695-DE337C5B0447}
    C:\Users\vicky\AppData\Local\{E1C3BD3C-1092-4F0A-B0C7-16FC64533828}
    C:\Users\vicky\AppData\Local\{E356FA59-A24D-4B9E-BD7B-7E0666557CD6}
    C:\Users\vicky\AppData\Local\{E3E51A71-0239-46CC-87AD-04E41C64FC60}
    C:\Users\vicky\AppData\Local\{E77F142A-3889-4C97-9809-59F9A2CAAD2C}
    C:\Users\vicky\AppData\Local\{E7DE6E1F-A4F3-4957-934F-9C3AB1BAD1B3}
    C:\Users\vicky\AppData\Local\{E896B657-A101-44C5-A370-5E8AD2EDCE1C}
    C:\Users\vicky\AppData\Local\{E8BAC6C3-988B-41E4-A7EF-D21FD745501B}
    C:\Users\vicky\AppData\Local\{EB1731E5-F6D9-4F46-AB49-9E4029217DCB}
    C:\Users\vicky\AppData\Local\{EC65ED21-91A8-4A67-94DA-83C2296A66A1}
    C:\Users\vicky\AppData\Local\{EE680734-B876-4C0B-9D8D-5FCF022B5FDE}
    C:\Users\vicky\AppData\Local\{EED0C964-74AF-46B2-8829-54D943C4E427}
    C:\Users\vicky\AppData\Local\{EF8AC756-7740-4E54-B585-9E6155B03978}
    C:\Users\vicky\AppData\Local\{EFB78EDF-6AF5-4139-BEF8-D5BBBD5E6D12}
    C:\Users\vicky\AppData\Local\{EFE21566-5DC2-46B1-BF84-33459FC73A18}
    C:\Users\vicky\AppData\Local\{F0063EBE-34B3-48E0-BA30-E8D0D5BF9C27}
    C:\Users\vicky\AppData\Local\{F13B7CD8-531A-4ED4-836F-B97A299063F8}
    C:\Users\vicky\AppData\Local\{F4032E4E-0316-4EBA-AFDF-3B41643756B7}
    C:\Users\vicky\AppData\Local\{F4538D30-A159-43D6-A33C-12292732F070}
    C:\Users\vicky\AppData\Local\{F567870A-3609-4B68-84FE-1D82509E6ABD}
    C:\Users\vicky\AppData\Local\{F59AFCDB-FB66-4306-8B57-9A5BB2A6A8F8}
    C:\Users\vicky\AppData\Local\{F5AAF826-4667-457B-993A-D6F4EF4EF85D}
    C:\Users\vicky\AppData\Local\{F5DCD36A-CE96-4A1D-B68C-34839E5DA7A0}
    C:\Users\vicky\AppData\Local\{F839C8E2-4D96-46BA-A3A9-16326AA4D4F7}
    C:\Users\vicky\AppData\Local\{F84ACB17-8E4F-4543-869B-EE277C2CA3E7}
    C:\Users\vicky\AppData\Local\{F88270F3-DF5B-4084-B8B3-A65053115DAC}
    C:\Users\vicky\AppData\Local\{FD46DB9B-667A-49C6-80D3-B2CAE72605B9}
    C:\Users\vicky\AppData\Local\{FD7D163D-708E-4F98-86AF-8612C2CB155C}
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    [​IMG]
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    [​IMG] Now install the current version of Sun Java from: jre-7u2-windows-i586.exe

    What malware problems remain?
     
  10. BaggedCat

    BaggedCat Private E-2

    O18 - Protocol: KuGoo - (no CLSID) - (no file)
    O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
    fixed with browsers closed.

    new ComboFixLog attached.

    new java installed.

    Issues still occuring:-
    Windows Update still not updating code 80096001

    Microsoft Security Essentials hasn't been reinstalled since you instructed me to remove it previously so i tried Windows defender.

    in Security Centre under malware protection tab when i try to enable windows defender i get error message:
    Security Centre Can't turn on Windows Defender. Please try again later.
     

    Attached Files:

  11. thisisu

    thisisu Malware Consultant

    [​IMG] Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    [COLOR="DarkRed"]Folder::[/COLOR]
    C:\Users\vicky\AppData\Local\{0033BDCD-B272-4816-8B80-F8FAF73BA0B5}
    C:\Users\vicky\AppData\Local\{007DA482-D2E9-49B9-B3F7-73798462E917}
    C:\Users\vicky\AppData\Local\{008BB260-17E0-44A6-A613-A0B68157C6E9}
    C:\Users\vicky\AppData\Local\{00C4FE1E-88DB-416F-B3EE-8EC0254E1FE9}
    C:\Users\vicky\AppData\Local\{01065EB0-7327-4EED-B9B2-87C422FA93B5}
    C:\Users\vicky\AppData\Local\{019D77EE-4D9F-4B91-8421-C1CF4721735A}
    C:\Users\vicky\AppData\Local\{01F0004C-D948-463F-8362-747AD2602F34}
    C:\Users\vicky\AppData\Local\{023BC08A-D78D-42F7-87D7-58AD8919553B}
    C:\Users\vicky\AppData\Local\{033AF53D-1EB8-4861-BC63-6EDE6E5071C4}
    C:\Users\vicky\AppData\Local\{04B2108A-8F96-4CAE-811B-63026D3D4A05}
    C:\Users\vicky\AppData\Local\{05159C92-140C-434D-AFB1-422DFA72F5BA}
    C:\Users\vicky\AppData\Local\{05E2043A-0B7D-4850-916D-4ABC60C73C28}
    C:\Users\vicky\AppData\Local\{07632ABA-1D2B-41EA-9DEF-C9E7F4EDD8F4}
    C:\Users\vicky\AppData\Local\{07A549CD-99B3-461E-B4DC-74614DE1E30A}
    C:\Users\vicky\AppData\Local\{094640BC-0216-487E-B2FA-A0128A81AA9E}
    C:\Users\vicky\AppData\Local\{099EBCBA-392D-4BAB-9B06-22C2030B674F}
    C:\Users\vicky\AppData\Local\{0A1EC6FE-8CBB-47F5-ACAB-6371B417C96A}
    C:\Users\vicky\AppData\Local\{0BEB45B3-0EB9-4699-A811-8BF2686E8B94}
    C:\Users\vicky\AppData\Local\{0C9414C1-31D7-4B3C-91B3-E528DA4D040B}
    C:\Users\vicky\AppData\Local\{0D24D941-9ECE-4305-B024-EE74DC869734}
    C:\Users\vicky\AppData\Local\{0EAD76BE-9A1A-4542-A765-9144A62EE2DF}
    C:\Users\vicky\AppData\Local\{0F0C4290-0485-4886-9A57-D071421F37AC}
    C:\Users\vicky\AppData\Local\{0F2039B1-9F47-4A89-A29F-985053ECF95F}
    C:\Users\vicky\AppData\Local\{0F347E88-9BD4-4A60-9B6A-01F620195810}
    C:\Users\vicky\AppData\Local\{0FF54D63-C6FF-4788-B227-1C1C1515044D}
    C:\Users\vicky\AppData\Local\{10B3CC2D-1AA7-4487-880F-2B9249334C4E}
    C:\Users\vicky\AppData\Local\{13C6859A-1FFE-4025-9524-4E942AF4AA0D}
    C:\Users\vicky\AppData\Local\{13F6FEE1-53E3-45DE-B1D7-8616FABDE502}
    C:\Users\vicky\AppData\Local\{15260D2A-A153-45AD-8ABF-438F14030C7C}
    C:\Users\vicky\AppData\Local\{177A12E1-9295-4AA6-AE0F-A59755C8CD11}
    C:\Users\vicky\AppData\Local\{180CB103-8EBE-4CB7-8DDD-AB9757C9873D}
    C:\Users\vicky\AppData\Local\{18B13824-0B7F-4920-8291-753953890C61}
    C:\Users\vicky\AppData\Local\{19105072-4886-4B31-8A86-28DE103AAA14}
    C:\Users\vicky\AppData\Local\{1A208E6D-E1F2-489C-9056-A430CC39BC09}
    C:\Users\vicky\AppData\Local\{1AAC836F-A9B4-412B-AC4B-29D5A93BDFCB}
    C:\Users\vicky\AppData\Local\{1B03DC05-B33B-4773-89EF-2834A7CF2621}
    C:\Users\vicky\AppData\Local\{1BA12603-6C55-412C-8554-4DB0D5CEF59E}
    C:\Users\vicky\AppData\Local\{1C6AB674-AB3E-4168-B3B8-D504E8816F62}
    C:\Users\vicky\AppData\Local\{1DA8A2FB-865F-438F-BF48-54397F11037A}
    C:\Users\vicky\AppData\Local\{1E36A0AF-AC3A-4963-8F1F-4089733B2DB6}
    C:\Users\vicky\AppData\Local\{20F9DC07-2FED-4CD0-9C86-8388D60B9BF2}
    C:\Users\vicky\AppData\Local\{21221E55-F84C-4B7C-8427-F35A98FB8B52}
    C:\Users\vicky\AppData\Local\{21418DD9-8743-433F-9616-77DAE48B7A23}
    C:\Users\vicky\AppData\Local\{223E7F16-0C59-4FEE-910C-582028C7A773}
    C:\Users\vicky\AppData\Local\{22BF174F-C41E-4B61-8EA0-AF4B2B01DB42}
    C:\Users\vicky\AppData\Local\{22CB0907-AB1B-4850-99B1-6E9A32A90947}
    C:\Users\vicky\AppData\Local\{240F62F2-D988-4733-AAF0-7F38C0A89666}
    C:\Users\vicky\AppData\Local\{2458892D-60A4-4918-8C41-FDEBACFBF389}
    C:\Users\vicky\AppData\Local\{249998B5-7184-4032-937A-38989F340449}
    C:\Users\vicky\AppData\Local\{25ED8F70-75EA-42C2-8630-7F3C4D3B40F9}
    C:\Users\vicky\AppData\Local\{2604BFA4-9117-454A-873B-E2F79883B38E}
    C:\Users\vicky\AppData\Local\{26D9EFE6-7AC7-41EE-BE4B-C9CAC1002E31}
    C:\Users\vicky\AppData\Local\{28C460CC-E251-4814-B998-EA57792EB6FE}
    C:\Users\vicky\AppData\Local\{28F1715C-D4DB-44B3-98A3-7134F12B6DA6}
    C:\Users\vicky\AppData\Local\{2A2A75C6-B383-4874-BE8B-11C58AC94878}
    C:\Users\vicky\AppData\Local\{2A512356-7F9A-4EA6-B063-7C41F68065B1}
    C:\Users\vicky\AppData\Local\{2A736131-ADEF-4730-88BB-4229F0E5D337}
    C:\Users\vicky\AppData\Local\{2B7912CC-8546-41A9-BA92-824AB7B888A2}
    C:\Users\vicky\AppData\Local\{2CD79D14-1856-4085-A102-FA77A390451A}
    C:\Users\vicky\AppData\Local\{2D7A2682-B86C-40DE-9C69-767DE1037B69}
    C:\Users\vicky\AppData\Local\{2EF04BD9-C5E1-4F06-B5F1-1ADD4DA45BA4}
    C:\Users\vicky\AppData\Local\{30A8EA0D-F56A-4FAC-B740-E8D42875BA1B}
    C:\Users\vicky\AppData\Local\{316774AE-C8A8-488B-8AEB-696AE60C922E}
    C:\Users\vicky\AppData\Local\{31E34A19-7E40-43B2-B905-88AFE15CC17A}
    C:\Users\vicky\AppData\Local\{31EF6A28-3318-4297-B38A-F10F3BC83594}
    C:\Users\vicky\AppData\Local\{3263C539-F486-4DC8-A2FA-CE2E0D08166A}
    C:\Users\vicky\AppData\Local\{32A3801C-2A93-449E-9755-AA6B4D76F917}
    C:\Users\vicky\AppData\Local\{32D44DB3-A345-4B58-9715-48155A368725}
    C:\Users\vicky\AppData\Local\{33576539-6324-47B1-AF05-02E413AC4DF1}
    C:\Users\vicky\AppData\Local\{33780847-F051-48E8-80C2-EDF13E545B6F}
    C:\Users\vicky\AppData\Local\{34B82413-3D2D-41E5-AA74-1595B0A93CF7}
    C:\Users\vicky\AppData\Local\{356DE570-01BC-44E8-8C0E-5EA637A59E67}
    C:\Users\vicky\AppData\Local\{358BBCDB-00AD-4C70-91C7-C6CC95236C5F}
    C:\Users\vicky\AppData\Local\{35C79E17-3E1E-475D-91DF-CF24E61DD74F}
    C:\Users\vicky\AppData\Local\{35F19296-A6B2-41C9-82A6-8C844ABF515D}
    C:\Users\vicky\AppData\Local\{374D7782-C494-44CD-9D73-845AE1F36AC6}
    C:\Users\vicky\AppData\Local\{3864CC6B-4D54-44BA-9F15-5AC675BD61BC}
    C:\Users\vicky\AppData\Local\{38C0B25C-E0F2-45D5-908C-89AEA3712C06}
    C:\Users\vicky\AppData\Local\{39F4F347-1376-41F3-9AD7-ED2126B0D399}
    C:\Users\vicky\AppData\Local\{3C5B0349-FFC5-4989-9DBD-0992DBB1C943}
    C:\Users\vicky\AppData\Local\{3D689A08-2886-4916-AFC3-7099143C7C9C}
    C:\Users\vicky\AppData\Local\{3DCC8E49-F2FA-459A-833A-593CFD38B9B5}
    C:\Users\vicky\AppData\Local\{3E6DE546-C468-46E8-BFCC-01A1E8F37B20}
    C:\Users\vicky\AppData\Local\{3F5DBF1F-E44B-47A8-BCC1-62BFF2B0B6B6}
    C:\Users\vicky\AppData\Local\{3FB42389-A031-4C50-88DC-ED2F99DDC08A}
    C:\Users\vicky\AppData\Local\{4075D620-8BEA-42EB-B33B-686BAAA7B2BE}
    C:\Users\vicky\AppData\Local\{40E0D9BA-8384-46BE-AD9E-A8886761FB51}
    C:\Users\vicky\AppData\Local\{414542D8-714F-4E8A-B648-A2A6CFA1DDB4}
    C:\Users\vicky\AppData\Local\{435EC4DE-731F-4609-A4B3-9625CFB899F9}
    C:\Users\vicky\AppData\Local\{44767BF9-79F5-4178-8FCA-4C8AF9251E76}
    C:\Users\vicky\AppData\Local\{44C2DC4D-CD1C-45D7-A254-33388E8EE37B}
    C:\Users\vicky\AppData\Local\{4557D51E-D7A5-45FE-A4DC-14B3F09223B2}
    C:\Users\vicky\AppData\Local\{45DAFD2F-97F9-4B05-B600-5DE932A668A5}
    C:\Users\vicky\AppData\Local\{46338AE6-0E54-4EB0-A693-E115DEA58853}
    C:\Users\vicky\AppData\Local\{4764F5AB-2AA4-4DDF-B73C-250A041C5977}
    C:\Users\vicky\AppData\Local\{49E93049-2B52-426A-A4C5-023AD5C1EA34}
    C:\Users\vicky\AppData\Local\{4A44EB14-C0CF-46AA-AB44-28431853212C}
    C:\Users\vicky\AppData\Local\{4AAC0768-D402-44B2-B02B-A7280CAB72F4}
    C:\Users\vicky\AppData\Local\{4B1D1A7F-15B2-4EC3-ACB6-C4F29A56BC7E}
    C:\Users\vicky\AppData\Local\{4C51B369-C19C-46A0-997E-BABAD7F089E6}
    C:\Users\vicky\AppData\Local\{4D8C7E3E-1195-4C30-AA96-B50618BA943E}
    C:\Users\vicky\AppData\Local\{4E0A14E3-2A6C-457D-8ACA-C20D12F9F37D}
    C:\Users\vicky\AppData\Local\{4E614173-1E19-47F0-A547-D1019A3CEDF0}
    C:\Users\vicky\AppData\Local\{4ED26206-7BC5-475C-B9F8-B5485BF629BE}
    C:\Users\vicky\AppData\Local\{50626E74-E239-4588-8F1E-C5DAF2F957E9}
    C:\Users\vicky\AppData\Local\{50D78E1B-9803-422E-BD68-B5A705089B7A}
    C:\Users\vicky\AppData\Local\{51299953-0623-4B9A-B525-4A9192D9705D}
    C:\Users\vicky\AppData\Local\{5262BA29-091C-419B-BAFB-EA58ACE3F9EB}
    C:\Users\vicky\AppData\Local\{53D8A97D-C2E9-4FBA-A871-8C53244C6725}
    C:\Users\vicky\AppData\Local\{55F70618-6D3D-4438-81F0-60CDEF7E1F83}
    C:\Users\vicky\AppData\Local\{563593B1-CF3D-47AB-B147-38B443C997D9}
    C:\Users\vicky\AppData\Local\{59F576C0-A37E-4E64-9AF8-6CD753C1AD77}
    C:\Users\vicky\AppData\Local\{5A72B6B5-02C3-42D1-865A-E9DB0737AC1E}
    C:\Users\vicky\AppData\Local\{5AA67064-79C3-4238-9537-14ACEE78E1F6}
    C:\Users\vicky\AppData\Local\{5AC9CD39-006F-44B5-B781-A83C5A64BE4F}
    C:\Users\vicky\AppData\Local\{5B408C5B-F448-4F63-AF28-B20F948D2D8F}
    C:\Users\vicky\AppData\Local\{5CCAAFB6-94F2-4784-9CD6-A0D026076B03}
    C:\Users\vicky\AppData\Local\{5DAD68D7-1EE4-4B1C-B29C-B523B12AD167}
    C:\Users\vicky\AppData\Local\{5DD7EC02-2A51-45BE-863D-2FB6C1AC6F5C}
    C:\Users\vicky\AppData\Local\{5DE394A6-81A9-4D1B-AA37-6F2A03061A50}
    C:\Users\vicky\AppData\Local\{5EB60413-357A-4916-AE36-F65C7669815E}
    C:\Users\vicky\AppData\Local\{5F86AE3B-A0DB-444C-8CB5-2C64ABC522A1}
    C:\Users\vicky\AppData\Local\{5FAD5F1F-FF88-4081-93D0-3BAF6438E7FD}
    C:\Users\vicky\AppData\Local\{5FE81721-6AD1-4CF3-BF0D-3BCF7922953A}
    C:\Users\vicky\AppData\Local\{604C2C49-3588-4FD4-AD57-91484EB95C85}
    C:\Users\vicky\AppData\Local\{612FA4AA-5F1C-4A40-903B-4DBABF5829B1}
    C:\Users\vicky\AppData\Local\{616E3BEA-0963-4E19-B184-DA1F2B7735E4}
    C:\Users\vicky\AppData\Local\{62AC31EB-B69D-4088-9250-747BB552987B}
    C:\Users\vicky\AppData\Local\{62B97A07-6924-4490-BC8E-9D79AA9B1C43}
    C:\Users\vicky\AppData\Local\{6375C0D3-41DF-4A2B-BC50-79D00A423DA8}
    C:\Users\vicky\AppData\Local\{644A7BA9-C938-4C6F-BF1C-8CF264D9C6DB}
    C:\Users\vicky\AppData\Local\{64A29311-B54A-4CFA-96BC-060C8FC483E5}
    C:\Users\vicky\AppData\Local\{64DD66B1-8BFB-41E3-91BD-4E72E7516890}
    C:\Users\vicky\AppData\Local\{64F363BD-E741-4454-B088-2025D4831A75}
    C:\Users\vicky\AppData\Local\{6595B027-AC4F-445E-A949-1ACF1DD7F88F}
    C:\Users\vicky\AppData\Local\{661E337D-3ADD-43D8-AF26-695BE21CA0E3}
    C:\Users\vicky\AppData\Local\{6783F1CB-F647-4001-9D93-B0CFF64020E4}
    C:\Users\vicky\AppData\Local\{6847A8E1-1849-4A0A-B6AE-2D5EEC5256A5}
    C:\Users\vicky\AppData\Local\{687D51B8-A08B-429E-8920-0617F0245D62}
    C:\Users\vicky\AppData\Local\{69C6930E-39D2-49EB-AEFB-FB5E65524AC5}
    C:\Users\vicky\AppData\Local\{6BA8C191-B1FD-4B50-9299-D90A76363CAE}
    C:\Users\vicky\AppData\Local\{6CCE8D75-5254-487A-A7FE-FBC7A4A91AFE}
    C:\Users\vicky\AppData\Local\{6D3A5EFA-5940-4493-BC12-56D21D0C26C5}
    C:\Users\vicky\AppData\Local\{6DB20799-67DC-4DB5-B0C0-67FC36A09162}
    C:\Users\vicky\AppData\Local\{6DEC9D1A-50C1-4352-B197-32C37AC558EE}
    C:\Users\vicky\AppData\Local\{6EB503EB-98CC-43CA-A9EC-25F11E884825}
    C:\Users\vicky\AppData\Local\{6F15AA74-5C9B-4CFD-9052-5D4C50CA03E3}
    C:\Users\vicky\AppData\Local\{700C6A04-F231-4F91-974A-32B2F957D826}
    C:\Users\vicky\AppData\Local\{709D1D5F-CD04-418D-9317-96E949C837E7}
    C:\Users\vicky\AppData\Local\{70A0FDDE-D74C-4E40-9CBE-8F72410881D7}
    C:\Users\vicky\AppData\Local\{7143F192-4817-4A83-A0AD-2F2979323788}
    C:\Users\vicky\AppData\Local\{7151444E-C2F5-4764-89C2-6CFD8CBFF073}
    C:\Users\vicky\AppData\Local\{724F4C18-DFC8-460C-977C-0FED3E6BA580}
    C:\Users\vicky\AppData\Local\{73296E43-5480-4723-B7D3-F460C692FF08}
    C:\Users\vicky\AppData\Local\{73E3F4E2-B5A3-4CEF-B6A6-3131FD8272F6}
    C:\Users\vicky\AppData\Local\{74F5BB8D-0C84-47A7-BB24-C10223767236}
    C:\Users\vicky\AppData\Local\{76C4DF5C-DEDC-4A41-A1EE-25195B637F4E}
    C:\Users\vicky\AppData\Local\{773C0B28-2D15-4440-B50F-AAE614DAFB65}
    C:\Users\vicky\AppData\Local\{7A434B2D-D37D-4BAD-BD51-24A44CA6F588}
    C:\Users\vicky\AppData\Local\{7A693059-6225-4A16-BDA9-7F96AD9CCAC8}
    C:\Users\vicky\AppData\Local\{7ADEDF4F-B36F-4DCC-9339-F1B30B7890B7}
    C:\Users\vicky\AppData\Local\{7CAA4960-B031-4F5C-8F5A-EF6391DD01EF}
    C:\Users\vicky\AppData\Local\{7D065DBE-A3E6-490A-B7DF-BF7ED1F6E239}
    C:\Users\vicky\AppData\Local\{7D1994FA-3221-4721-B0C0-412D565D3AC5}
    C:\Users\vicky\AppData\Local\{7E63625C-8F3C-477E-80C6-5F25E3EC6565}
    C:\Users\vicky\AppData\Local\{7F6B5412-4F72-45AE-9832-13311C02EEEB}
    C:\Users\vicky\AppData\Local\{7F7256F7-6649-4D65-AAC6-1AB3C47554CB}
    C:\Users\vicky\AppData\Local\{80D965A0-442A-43E7-9C18-88BCA587404A}
    C:\Users\vicky\AppData\Local\{82BE6153-0A9C-4B22-BEE5-E77B6FFCC529}
    C:\Users\vicky\AppData\Local\{83F25D44-7B22-4039-877E-B26CD1935311}
    C:\Users\vicky\AppData\Local\{8445182F-80A7-4AAD-87C1-FD5F8FFC6882}
    C:\Users\vicky\AppData\Local\{84D7F88C-D4DB-41F6-BF1F-2E73BB0A92A0}
    C:\Users\vicky\AppData\Local\{855C2C7F-1CAB-4A68-B876-E768549D55C9}
    C:\Users\vicky\AppData\Local\{855E1E39-075E-40FC-BC8A-4A6B7A8CC6B0}
    C:\Users\vicky\AppData\Local\{85608DD2-4A16-4E96-91B6-209A18AB0D19}
    C:\Users\vicky\AppData\Local\{85BE4582-C60F-4D89-A8F0-3F16C15C1A50}
    C:\Users\vicky\AppData\Local\{8681A09F-703E-4B28-AC2F-B3161C2D92CB}
    C:\Users\vicky\AppData\Local\{8A60DA7A-EE04-48C2-9331-ECA07E3F88AD}
    C:\Users\vicky\AppData\Local\{8B68F065-EA37-4AC2-B961-2B668F87D8B7}
    C:\Users\vicky\AppData\Local\{8C4AE6F4-AEFA-4BCA-8C3B-E6D7BB1BDB1D}
    C:\Users\vicky\AppData\Local\{8E46BD29-EEF7-4B47-89F5-F6A52A2A97B8}
    C:\Users\vicky\AppData\Local\{8E600F98-CE43-4E7F-9659-0D51B7B6DA35}
    C:\Users\vicky\AppData\Local\{906CCD89-3C1B-4E87-815D-558EAF303144}
    C:\Users\vicky\AppData\Local\{906ED6F4-5F10-49D4-A488-290DF49F5647}
    C:\Users\vicky\AppData\Local\{91C3601A-FAB5-4630-A7C5-ADAF075FFC6A}
    C:\Users\vicky\AppData\Local\{9262E5C1-9D50-4D50-ADB2-16F0A246F90F}
    C:\Users\vicky\AppData\Local\{93286195-E6CE-40C4-BA00-41A9ADB97206}
    C:\Users\vicky\AppData\Local\{9428C126-011E-4A6B-AC57-80962B71CB7C}
    C:\Users\vicky\AppData\Local\{9513D456-6BBD-4548-99DC-B723215478D4}
    C:\Users\vicky\AppData\Local\{967F37BE-F3D0-4B5D-AD2F-5EFD6F205084}
    C:\Users\vicky\AppData\Local\{979DDCF0-D5C1-4C79-9BE9-56D28348BBA8}
    C:\Users\vicky\AppData\Local\{987EAA77-ABFD-446D-AEF8-F408B81B29BC}
    C:\Users\vicky\AppData\Local\{98A0D4B7-9A33-40B4-AB1F-539CDAE713DE}
    C:\Users\vicky\AppData\Local\{9B63CB54-0C39-4465-B39F-88B3A2F0A9AC}
    C:\Users\vicky\AppData\Local\{9BEA627A-0817-4A1E-978A-E098871AED9E}
    C:\Users\vicky\AppData\Local\{9C72540F-86F4-436F-A1FD-32404DDBBFEF}
    C:\Users\vicky\AppData\Local\{9C91AFDD-E127-498E-B981-7AB25F4A434C}
    C:\Users\vicky\AppData\Local\{9CAD5124-055F-48C8-9714-27515C002C4C}
    C:\Users\vicky\AppData\Local\{9E747A09-6175-4259-9872-26753F6AFECC}
    C:\Users\vicky\AppData\Local\{9EA8FAC2-F214-4E58-8B85-E8C505E4C4EF}
    C:\Users\vicky\AppData\Local\{9FD64916-CE56-4545-AB45-941C16CC561B}
    C:\Users\vicky\AppData\Local\{A4A218A1-B593-4CF1-BF63-D48FDAB799B1}
    C:\Users\vicky\AppData\Local\{A4B2D48F-2FAD-4BD3-8F65-886BBD24FCE0}
    C:\Users\vicky\AppData\Local\{A4C0DB7D-6C82-4631-A43B-377A39D4F27E}
    C:\Users\vicky\AppData\Local\{A6F344A5-857C-4020-93BC-FF32FACD5928}
    C:\Users\vicky\AppData\Local\{A8B2E14E-9322-4F4C-890A-C1DCA4E3E188}
    C:\Users\vicky\AppData\Local\{A8ECB44C-B15E-409A-A450-A17928EBE5CB}
    C:\Users\vicky\AppData\Local\{A927B62B-999A-4714-8E76-D06CCA203A7D}
    C:\Users\vicky\AppData\Local\{AA3A95AA-6AA8-4172-80FA-5556304A3EAF}
    C:\Users\vicky\AppData\Local\{AB20AFD8-1B2B-4E13-BF24-C464ADB90558}
    C:\Users\vicky\AppData\Local\{AB2E79C3-77C7-4816-97CA-496F3E57C9EC}
    C:\Users\vicky\AppData\Local\{AD96CBC4-C273-4548-BBFA-40844EFC7613}
    C:\Users\vicky\AppData\Local\{AE69BEDB-6C1B-4BE9-B8D3-D7F0102898B8}
    C:\Users\vicky\AppData\Local\{AF1C86CC-08EF-493E-9CAD-49F218A479E0}
    C:\Users\vicky\AppData\Local\{AFB4177E-161C-44BA-8EAE-AD5527BA6C32}
    C:\Users\vicky\AppData\Local\{B00D7211-66F8-4096-9561-ED7F33EB9F56}
    C:\Users\vicky\AppData\Local\{B0C8DF5E-2CBD-49FC-848B-AC30DC5D5347}
    C:\Users\vicky\AppData\Local\{B202EA36-7328-480E-89F0-3DE990214AE7}
    C:\Users\vicky\AppData\Local\{B2272BD7-3BCD-4EDD-AC2E-D6268426054D}
    C:\Users\vicky\AppData\Local\{B253AC95-A0EF-46DA-BA13-C86E3FDDBD2D}
    C:\Users\vicky\AppData\Local\{B3874BDB-2E5E-4D91-B1CD-F4D6B5E8A3E5}
    C:\Users\vicky\AppData\Local\{B3E99C26-C5D4-4D7F-A9AF-ADCE45D2A5D0}
    C:\Users\vicky\AppData\Local\{B4C84CE4-DA13-4C8B-AF7A-E7DC428F52C7}
    C:\Users\vicky\AppData\Local\{B541A0EE-73AE-43D7-A7FA-E5D9B752AA8E}
    C:\Users\vicky\AppData\Local\{B5C2952F-E87D-4AA2-9AFD-C37BBE1A720A}
    C:\Users\vicky\AppData\Local\{B5F42DEE-CA6E-4CEC-92D9-345775B57326}
    C:\Users\vicky\AppData\Local\{B690764E-1104-4FB9-A762-52BFECFA60C6}
    C:\Users\vicky\AppData\Local\{B7206EEE-451A-42AD-8FAF-2ACA42A0B561}
    C:\Users\vicky\AppData\Local\{BA7011EC-0AE3-4B2F-BB01-506CE3AA4313}
    C:\Users\vicky\AppData\Local\{BC693746-FBA2-4F9D-A51D-5B9F5F9D6D7C}
    C:\Users\vicky\AppData\Local\{BCED5A0D-C99D-44E1-BFE6-58C871D8CE29}
    C:\Users\vicky\AppData\Local\{BCFC332F-D682-4B08-8AA9-DFA58AD745FC}
    C:\Users\vicky\AppData\Local\{BDB2029E-7697-4BAC-A8A0-AAC1E84B5574}
    C:\Users\vicky\AppData\Local\{BE3A80EC-9BC2-4836-AC0A-6C7FCDA13A95}
    C:\Users\vicky\AppData\Local\{C1306D69-C12D-4239-86B4-C6E074AA56D3}
    C:\Users\vicky\AppData\Local\{C1540795-C504-438A-A053-FFC4DB3C338D}
    C:\Users\vicky\AppData\Local\{C162EBBF-AC60-42E1-A642-2FC1A5EE1A02}
    C:\Users\vicky\AppData\Local\{C205D8B2-630A-4F11-8B03-D1A02E757926}
    C:\Users\vicky\AppData\Local\{C2FF2ECD-C8EA-4364-8F0E-885D1A7B390A}
    C:\Users\vicky\AppData\Local\{C4AA1350-E98E-49DF-8A2E-598FCC03D20C}
    C:\Users\vicky\AppData\Local\{C515F6D9-53AC-4212-AD65-C943A67BAAB5}
    C:\Users\vicky\AppData\Local\{C65DFADF-1FCB-48FB-9E36-4816F40BBCB9}
    C:\Users\vicky\AppData\Local\{C6CA562D-17B6-449F-8566-0D3888C8EA33}
    C:\Users\vicky\AppData\Local\{C7A53A73-6F76-41E8-B411-0AD275E9D963}
    C:\Users\vicky\AppData\Local\{C8644303-F5E0-4D8D-8CA1-F3794918C529}
    C:\Users\vicky\AppData\Local\{C8C39078-C089-4F58-8E14-20745C4EEB25}
    C:\Users\vicky\AppData\Local\{CB07A370-8482-464A-BB7A-4B62466CA620}
    C:\Users\vicky\AppData\Local\{CB5C7E1E-48F5-4CDF-A1A9-DC1C211614B2}
    C:\Users\vicky\AppData\Local\{CBABF205-DA60-4738-8E58-CC7C1DEDCF96}
    C:\Users\vicky\AppData\Local\{CBB78357-1265-4659-A321-9609134929B0}
    C:\Users\vicky\AppData\Local\{CC0CDC54-B747-4117-9A3F-27A058E3BB40}
    C:\Users\vicky\AppData\Local\{CC907145-2EB5-4126-8FD9-3826B2447F84}
    C:\Users\vicky\AppData\Local\{CCE146F5-5FCD-4817-9687-04D0A41FF40B}
    C:\Users\vicky\AppData\Local\{CE30A1D2-63C3-45A1-AAF5-7A2CCA8B406F}
    C:\Users\vicky\AppData\Local\{CF717364-80F2-405E-B2DC-AB1DC2856BA1}
    C:\Users\vicky\AppData\Local\{D0B466B4-978E-437E-9534-B918E33CF404}
    C:\Users\vicky\AppData\Local\{D10BF493-9900-4F93-BF2A-A5DB16003D7A}
    C:\Users\vicky\AppData\Local\{D1FA4B76-AEDD-47DE-BF8C-AE6631DA9034}
    C:\Users\vicky\AppData\Local\{D21F604F-D83F-443E-8C0E-AB8C0B0DB3B5}
    C:\Users\vicky\AppData\Local\{D2885067-FB5D-41F5-B48F-BB868F08A186}
    C:\Users\vicky\AppData\Local\{D7AD1FE1-E7D7-44B0-BA60-47885362CDDB}
    C:\Users\vicky\AppData\Local\{DB1C531D-770A-416A-ACE9-7C0F66E35AC5}
    C:\Users\vicky\AppData\Local\{DB9DCF3C-F98E-4C1F-81A7-980EB0E41797}
    C:\Users\vicky\AppData\Local\{DC6F41F7-2A0E-4ADB-B6FA-3AC068F01B89}
    C:\Users\vicky\AppData\Local\{DC955844-9A86-4F98-9F34-64F974539EBC}
    C:\Users\vicky\AppData\Local\{DC95B7D7-C481-4BA8-9CD9-1BE640155FAF}
    C:\Users\vicky\AppData\Local\{DCA5450C-C218-4EF4-80EC-A124925FF0DB}
    C:\Users\vicky\AppData\Local\{DCF7AD2F-F85E-4AFF-A302-A21ACBA53D2B}
    C:\Users\vicky\AppData\Local\{DD6013C1-45FE-410E-9F33-097A8BD8520C}
    C:\Users\vicky\AppData\Local\{E0A3832A-4628-4B85-8571-BAAA737FC9CB}
    C:\Users\vicky\AppData\Local\{E0B6F5DA-7B5A-41B9-A3C9-FAD596305724}
    C:\Users\vicky\AppData\Local\{E0E3AA9B-5626-422E-A45A-B42C7BBD1DD0}
    C:\Users\vicky\AppData\Local\{E148E21F-27CF-458F-8695-DE337C5B0447}
    C:\Users\vicky\AppData\Local\{E1C3BD3C-1092-4F0A-B0C7-16FC64533828}
    C:\Users\vicky\AppData\Local\{E356FA59-A24D-4B9E-BD7B-7E0666557CD6}
    C:\Users\vicky\AppData\Local\{E3E51A71-0239-46CC-87AD-04E41C64FC60}
    C:\Users\vicky\AppData\Local\{E77F142A-3889-4C97-9809-59F9A2CAAD2C}
    C:\Users\vicky\AppData\Local\{E7DE6E1F-A4F3-4957-934F-9C3AB1BAD1B3}
    C:\Users\vicky\AppData\Local\{E896B657-A101-44C5-A370-5E8AD2EDCE1C}
    C:\Users\vicky\AppData\Local\{E8BAC6C3-988B-41E4-A7EF-D21FD745501B}
    C:\Users\vicky\AppData\Local\{EB1731E5-F6D9-4F46-AB49-9E4029217DCB}
    C:\Users\vicky\AppData\Local\{EC65ED21-91A8-4A67-94DA-83C2296A66A1}
    C:\Users\vicky\AppData\Local\{EE680734-B876-4C0B-9D8D-5FCF022B5FDE}
    C:\Users\vicky\AppData\Local\{EED0C964-74AF-46B2-8829-54D943C4E427}
    C:\Users\vicky\AppData\Local\{EF8AC756-7740-4E54-B585-9E6155B03978}
    C:\Users\vicky\AppData\Local\{EFB78EDF-6AF5-4139-BEF8-D5BBBD5E6D12}
    C:\Users\vicky\AppData\Local\{EFE21566-5DC2-46B1-BF84-33459FC73A18}
    C:\Users\vicky\AppData\Local\{F0063EBE-34B3-48E0-BA30-E8D0D5BF9C27}
    C:\Users\vicky\AppData\Local\{F13B7CD8-531A-4ED4-836F-B97A299063F8}
    C:\Users\vicky\AppData\Local\{F4032E4E-0316-4EBA-AFDF-3B41643756B7}
    C:\Users\vicky\AppData\Local\{F4538D30-A159-43D6-A33C-12292732F070}
    C:\Users\vicky\AppData\Local\{F567870A-3609-4B68-84FE-1D82509E6ABD}
    C:\Users\vicky\AppData\Local\{F59AFCDB-FB66-4306-8B57-9A5BB2A6A8F8}
    C:\Users\vicky\AppData\Local\{F5AAF826-4667-457B-993A-D6F4EF4EF85D}
    C:\Users\vicky\AppData\Local\{F5DCD36A-CE96-4A1D-B68C-34839E5DA7A0}
    C:\Users\vicky\AppData\Local\{F839C8E2-4D96-46BA-A3A9-16326AA4D4F7}
    C:\Users\vicky\AppData\Local\{F84ACB17-8E4F-4543-869B-EE277C2CA3E7}
    C:\Users\vicky\AppData\Local\{F88270F3-DF5B-4084-B8B3-A65053115DAC}
    C:\Users\vicky\AppData\Local\{FD46DB9B-667A-49C6-80D3-B2CAE72605B9}
    C:\Users\vicky\AppData\Local\{FD7D163D-708E-4F98-86AF-8612C2CB155C}
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    [​IMG]
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    Try using the automated troubleshooter from this link: http://support.microsoft.com/kb/971058
    Try "Aggressive Mode" if it is available.

    If it works, reinstall MSE and then run the below:
    If it did not work, do not install MSE just yet, but proceed with the below:

    [​IMG] Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  12. BaggedCat

    BaggedCat Private E-2

    Used combofix with new script. log attached.

    Microsoft FixIt troubleshooter:-
    no aggressive mode option.
    Msg after completed:-
    "Windows Update components configured incorrectly - fixed"
    Msg. "No problems need attention."

    Windows Update still doesn't work. same error 80096001

    new MGlogs attached
     

    Attached Files:

  13. BaggedCat

    BaggedCat Private E-2

    new info:-
    while in the drop down tabs on the right in Security Centre gave a not so helpful

    "Security Centre Can't turn on Windows Defender. Please try again later."

    clicking Windows Defender in the left pane of Security Centre gave a more helpful message with a code.

    "Windows Defender
    Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service."
     
  14. thisisu

    thisisu Malware Consultant

    Are you able to click the "Check for Updates" button?

    I'm trying to find out when exactly do you receive that error message.

    Edit: Did not see your last message. Go ahead and answer mine and I will review your latest message.
     
  15. BaggedCat

    BaggedCat Private E-2

    hi,
    i can see the 'check for updates' button.
    when i click it it does a green loading bar for about 2 seconds then i get the failed error. pic attached
     

    Attached Files:

  16. thisisu

    thisisu Malware Consultant

    I am attaching a register.zip to this message.

    Inside of it is:
    register.bat

    Extract register.bat to your desktop.
    Right-mouse click it once and select "Run as Administrator".
    When it's done, Notepad (log.txt) should have opened.
    Close Notepad and attach log.txt to your next message. (it should be on your desktop)

    Then reboot your PC and retry Windows Update.
     

    Attached Files:

  17. BaggedCat

    BaggedCat Private E-2

    the log.txt says:
    [SC] SetServiceObjectSecurity SUCCESS

    the Notepad that opened says:
    BITSADMIN version 3.0 [ 7.0.6001 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    0 out of 0 jobs canceled.

    after reboot, Windows Update still gave same error.
     

    Attached Files:

    • log.txt
      File size:
      39 bytes
      Views:
      3
  18. thisisu

    thisisu Malware Consultant

    I am uploading MicrosoftFixit50202.zip

    Inside of it is MicrosoftFixit50202.msi
    Extract MicrosoftFixit50202.msi to your desktop.

    When asked which mode would you like to proceed in -- Choose "Aggressive".
    Let this run and then reboot for changes to occur.

    Then retry Windows Update.
     

    Attached Files:

  19. thisisu

    thisisu Malware Consultant

    The Windows Defender service is gone according to your logs.

    This is becoming a common occurrence now with today's malware infections.
    We are seeing more and more services get completely deleted from compromised systems.

    The Windows Defender is not a big loss if we can get MSE to work as MSE would have disabled Windows Defender anyway (they both would not run together).

    Your Windows Update service appears to be in tact still and the logs report that it is running properly.
    __________________________________________________

    After you have attempted MicrosoftFixit50202.msi, try reinstalling MSE and let me know how that goes.
     
  20. BaggedCat

    BaggedCat Private E-2

    Same error still occurs with Windows Update after running MicrosoftFixit50202.msi in aggressive mode and restarting. :cry

    After installing MSE it auto updated and autoscanned.
    The system tray icon is green and says Protected.

    However if i click update again it gives an error. pic attached.
    'Virus and spyware definitions - connection failed'

    I'll have to leave it tonight. big day tomorrow, going to get some sleep. :) have a nice christmas!
     

    Attached Files:

    • MSE.jpg
      MSE.jpg
      File size:
      99.2 KB
      Views:
      7
  21. thisisu

    thisisu Malware Consultant

    Merry Christmas to you too! :)
    Here are the next steps I would like you to take whenever you get a chance.

    ___________________________________________________

    [​IMG] Please download RogueKiller by Tigzy to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the number "1" and press ENTER.
    When it is finished -- Notepad will open with the report and the log is saved to your desktop.
    Attach RKreport[1].txt to your next message. (How to attach)
    You can now type the number "0" and press ENTER to exit RogueKiller.
     
  22. thisisu

    thisisu Malware Consultant

    Think I see the part of the problem with MSE

    Code:
    R3 NisSrv;NisSrv; [x]
    ______________________________

    Please download and run ComboFix and attach its latest log whenever you get a chance.

    Also include a new MGlogs.zip ;)
     
    Last edited: Dec 25, 2011
  23. BaggedCat

    BaggedCat Private E-2

    hiya,
    ComboFix found zeroAccess rootkit.
    ComboFix rebooted the pc and finished running itself.
    log attached.
    new MGlogs attached also.

    MSE has turned off and does not appear in the system tray, but i can turn it on in Windows Security Centre's Malware protection tab.
    It says 'You are about to run a program that did not come with windows. Do you trust this program? msseces.exe'
    I have a choice 'yes i trust it/cancel'
    I haven't turned it on yet.

    Edit:After rebooting MSE appears in the system tray as 'green and protected', but under Windows Security Centre's Malware protection tab it says 'MSE reports that it is turned off.'
     

    Attached Files:

    Last edited: Dec 26, 2011
  24. thisisu

    thisisu Malware Consultant

    Are you able to update MSE after the reboot or does it still fail?
    If not, see if this helps: mpam-fe.exe

    Also please scan with RogueKiller and let's see what that finds.
     
  25. BaggedCat

    BaggedCat Private E-2

    RogueKiller report attached.
    MSE update failed.
    Still failed after mpam-fe.exe
    Windows Security Centre is picking it up as on now though.
     

    Attached Files:

  26. thisisu

    thisisu Malware Consultant

    [​IMG] Please download Win32kDiag to the root of your C:\ drive. It must be saved here or the below will not work!
    • Now press and hold the [​IMG] Windows key on your keyboard, then press the letter r on your keyboard.
    • This opens the Run dialog box.
    • Then copy the below bold text and paste it into the Open: text-field and press ENTER.
      C:\win32kdiag.exe -f -r
    • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
    • Attach this log to your next message. (How to attach)



    Download Junction by Mark Russinovich to your desktop.
    • Extract junction.exe to your desktop.
    • Now press and hold the [​IMG] Windows key on your keyboard, then press the letter r on your keyboard.
    • This opens the Run dialog box.
    • Then copy the below bold text and paste it into the Open: text-field and press ENTER.
      cmd /c %userprofile%\desktop\junction -s c:\ >%userprofile%\desktop\junction.txt
    • When it's finished, there will be a log called junction.txt on your desktop.
    • Attach this log to your next message. (How to attach items to your post)
     
  27. BaggedCat

    BaggedCat Private E-2

    Msg box popped up:-

    "Win32Diag Error
    Windows Version Vista SP2
    Exception code 0x0000005
    Exception Address 0x011a2415
    Attempt to write to address 0x00000000"

    and then it said it had to shut down due to an unknown error
     

    Attached Files:

  28. thisisu

    thisisu Malware Consultant

    This looks to be more Windows related as I am not finding anymore malware in your logs.

    I would recommend creating a topic in the Software forum for additional assistance about MSE Updates and Windows Update.

    ________________________________________________________

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it present
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  29. thisisu

    thisisu Malware Consultant

    Hi,

    If you are still there and have not resolved this yet; Can you try what is posted here?
     
  30. BaggedCat

    BaggedCat Private E-2

    hiya.
    thanks for the update. the issue has been resolved.
    MS support talked me through an 'inplace upgrade', basically reinstalling windows without losing personal data.

    thanks for your help.
     
  31. thisisu

    thisisu Malware Consultant

    No problem.

    Take care and be safe! :)
     

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds