MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 12-22-11, 16:11
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default 0Access remnants? 0x80096001 MSE+Windows update fail

Hello,
after removal of some trojan/0Access, i thought the pc was ok. a week later when doing the weekly scan i find out i get theses errors whenever i try to update:

Microsoft Security Essentials
Virus and spyware definitions update failed
Security Essentials couldn't check for virus and spyware definition updates due to an Internet or newtowk connectivity issue.
Error code 0x80096001

Windows Update
Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Code 80096001

(Inspiron 1545, Vista Home Basic, service pack2, 32bit OS)

I went through the README.
All went well except ComboFix. On running, it extracted, had a message to turn off MSE, I unchecked the real time protection in MSE, when I cliked ok to continue in ComboFix it just closed that window.
all other logs attached

Thanks in advance
Attached Files
File Type: txt mbam-log-2011-12-21 (13-47-37).txt (922 Bytes, 2 views)
File Type: log SAS.log (589 Bytes, 2 views)
File Type: txt RootRepeal.txt (80.2 KB, 3 views)
File Type: zip MGlogs.zip (296.5 KB, 10 views)
Reply With Quote
Sponsored links
  #2  
Old 12-22-11, 16:24
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Oh forgot to add the pc seems to run fine. no other noticable issues except:

Windows Update wont update
MSE wont update
Windows defender and Windows Firewall wont turn on either so I'm using COMODO firewall for the time being.
Also in Windows Security Centre it is odd that the malware protection tab states that MSE is not turned on although in the system tray MSE is 'green'/'protected'

Internet is fine.
pc speed is fine.
IE is working ok. no redirecting or anything anymore.
The only other thing i ran was avg remover.
Attached Files
File Type: log avgremover.log (251.2 KB, 2 views)
Reply With Quote
  #3  
Old 12-22-11, 18:56
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Hi and welcome to Major Geeks, BaggedCat!

From Programs and Features (via Control Panel), please uninstall the below:
  • COMODO Internet Security <--- you can reinstall AFTER malware removal
  • Java(TM) 6 Update 30 <--- Outdated
  • Microsoft Security Essentials <--- you can reinstall AFTER malware removal

Now reboot your PC

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
  • Now open Repair_Windows.exe
  • Go to Start Repairs tab.
  • Choose "Custom Mode" and press "Start".
  • Create a System Restore point if prompted.
  • In the Custom Mode window, select the following repair options:
    • Reset Registry Permissions
    • Register System Files
    • Repair WMI
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
    • Repair Proxy Settings
    • Repair Windows Updates
  • Now click the Start button.
  • Be patient while the tool repairs the selected items.
  • If asked to reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before accepting to restart.

I want you to read and follow these instructions: TDSSKiller - How to run

First, delete your existing ComboFix.exe.
Then download a new copy of ComboFix from here to your desktop.
Now run ComboFix.exe and attach the newest ComboFix.txt log to your next post. (How to attach)

Backup Your Registry with ERUNT
  • Please download Erunt
  • Run the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please download MiniRegTool.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSDRV\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv
  • Check List Permissions radio button.
  • Press Go button and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #4  
Old 12-23-11, 05:23
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Hello, thank you, much appreciated.

COMODO Internet Security <--- removed ok
Java(TM) 6 Update 30 <--- removed
Microsoft Security Essentials <--- Error msg: missing filter manager rollup package 0x8004FF56. Restarted PC, MSE removed

windows repair ran ok.
TDSSKiller ran ok.
Found unsigned objects
Service:MREMP50
Service:MRESP50
Suspicious object, medium risk - Skipped
ComboFix ran ok.
ERUNT ran ok.
Minireg ran ok.

attached.
Attached Files
File Type: txt ComboFixLog.txt (17.1 KB, 6 views)
File Type: txt MiniRegToolResult.txt (1.6 KB, 4 views)
File Type: txt TDSSKiller.2.6.24.0_23.12.2011_09.30.51_log.txt (150.2 KB, 4 views)
Reply With Quote
  #5  
Old 12-23-11, 19:03
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

The items TDSSKiller found are OK. Don't remove them.

We still have some work to do before we attempt to fix the firewall. Continue on with the below:

Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:
Code:
KillAll::
Driver::
cbveixlv
MpKsl05597efb
MpKsl0d6da5cd
MpKsl1fbcf0bd
MpKsl26e99f4c
MpKsl2e0dc310
MpKsl2e19aae2
MpKsl346a9a34
MpKsl383b352a
MpKsl3e057976
MpKsl66b673b4
MpKsl7cd5bf15
MpKsl8fd162e1
MpKsl91e327c5
MpKsl9401ce46
MpKsl94f5cfac
MpKsl973f11aa
MpKsl9a9babd5
MpKsla7809f5d
MpKsla7a34570
MpKslaade0620
MpKslb0cedc53
MpKslb16af39f
MpKslc9b62ea2
MpKslebb3e271
MpKslf5842ae2
File::
c:\windows\system32\drivers\cbveixlv.sys
Folder::
c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
c:\programdata\Microsoft\Microsoft Antimalware
c:\users\vicky\AppData\Local\3fef0066
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:87,3d,09,a3,a9,be,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9d,05,43,45,d0,87,48,9d,f0,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9d,05,43,45,d0,87,48,9d,f0,bd,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.

This will launch ComboFix.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Allow ComboFix to update itself if prompted.
When ComboFix finishes, a log will be produced at C:\ComboFix.txt
Attach this log to your next message. (How to attach)
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
Sponsored links
  #6  
Old 12-24-11, 05:56
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

ok, log added from dragging script onto combofix attached.

and have a merry christmas!
Attached Files
File Type: txt ComboFixLog.txt (13.7 KB, 2 views)
Reply With Quote
  #7  
Old 12-24-11, 09:08
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Merry Christmas to you too

It looks like we are ready to attempt to restore the firewall.

Open this folder: C:\MGtools
Inside this folder look for FixWFW.bat
When you find it, right-mouse click it once and select "Run As Administrator".
This only takes a split second to run.

Now reboot your PC

When you have rebooted, test out your firewall. It may be on now.

Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #8  
Old 12-24-11, 10:03
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

yay, firewall is on.

new MGLogs.zip attached
Attached Files
File Type: zip MGlogs.zip (355.4 KB, 3 views)
Reply With Quote
  #9  
Old 12-24-11, 11:39
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Great

Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)


After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:
Code:
KillAll::
ClearJavaCache::
DirLook::
C:\Users\vicky\AppData\Local\{0033BDCD-B272-4816-8B80-F8FAF73BA0B5}
C:\Users\vicky\AppData\Local\{007DA482-D2E9-49B9-B3F7-73798462E917}
C:\Users\vicky\AppData\Local\{008BB260-17E0-44A6-A613-A0B68157C6E9}
C:\Users\vicky\AppData\Local\{00C4FE1E-88DB-416F-B3EE-8EC0254E1FE9}
C:\Users\vicky\AppData\Local\{01065EB0-7327-4EED-B9B2-87C422FA93B5}
C:\Users\vicky\AppData\Local\{019D77EE-4D9F-4B91-8421-C1CF4721735A}
C:\Users\vicky\AppData\Local\{01F0004C-D948-463F-8362-747AD2602F34}
C:\Users\vicky\AppData\Local\{023BC08A-D78D-42F7-87D7-58AD8919553B}
C:\Users\vicky\AppData\Local\{033AF53D-1EB8-4861-BC63-6EDE6E5071C4}
C:\Users\vicky\AppData\Local\{04B2108A-8F96-4CAE-811B-63026D3D4A05}
C:\Users\vicky\AppData\Local\{05159C92-140C-434D-AFB1-422DFA72F5BA}
C:\Users\vicky\AppData\Local\{05E2043A-0B7D-4850-916D-4ABC60C73C28}
C:\Users\vicky\AppData\Local\{07632ABA-1D2B-41EA-9DEF-C9E7F4EDD8F4}
C:\Users\vicky\AppData\Local\{07A549CD-99B3-461E-B4DC-74614DE1E30A}
C:\Users\vicky\AppData\Local\{094640BC-0216-487E-B2FA-A0128A81AA9E}
C:\Users\vicky\AppData\Local\{099EBCBA-392D-4BAB-9B06-22C2030B674F}
C:\Users\vicky\AppData\Local\{0A1EC6FE-8CBB-47F5-ACAB-6371B417C96A}
C:\Users\vicky\AppData\Local\{0BEB45B3-0EB9-4699-A811-8BF2686E8B94}
C:\Users\vicky\AppData\Local\{0C9414C1-31D7-4B3C-91B3-E528DA4D040B}
C:\Users\vicky\AppData\Local\{0D24D941-9ECE-4305-B024-EE74DC869734}
C:\Users\vicky\AppData\Local\{0EAD76BE-9A1A-4542-A765-9144A62EE2DF}
C:\Users\vicky\AppData\Local\{0F0C4290-0485-4886-9A57-D071421F37AC}
C:\Users\vicky\AppData\Local\{0F2039B1-9F47-4A89-A29F-985053ECF95F}
C:\Users\vicky\AppData\Local\{0F347E88-9BD4-4A60-9B6A-01F620195810}
C:\Users\vicky\AppData\Local\{0FF54D63-C6FF-4788-B227-1C1C1515044D}
C:\Users\vicky\AppData\Local\{10B3CC2D-1AA7-4487-880F-2B9249334C4E}
C:\Users\vicky\AppData\Local\{13C6859A-1FFE-4025-9524-4E942AF4AA0D}
C:\Users\vicky\AppData\Local\{13F6FEE1-53E3-45DE-B1D7-8616FABDE502}
C:\Users\vicky\AppData\Local\{15260D2A-A153-45AD-8ABF-438F14030C7C}
C:\Users\vicky\AppData\Local\{177A12E1-9295-4AA6-AE0F-A59755C8CD11}
C:\Users\vicky\AppData\Local\{180CB103-8EBE-4CB7-8DDD-AB9757C9873D}
C:\Users\vicky\AppData\Local\{18B13824-0B7F-4920-8291-753953890C61}
C:\Users\vicky\AppData\Local\{19105072-4886-4B31-8A86-28DE103AAA14}
C:\Users\vicky\AppData\Local\{1A208E6D-E1F2-489C-9056-A430CC39BC09}
C:\Users\vicky\AppData\Local\{1AAC836F-A9B4-412B-AC4B-29D5A93BDFCB}
C:\Users\vicky\AppData\Local\{1B03DC05-B33B-4773-89EF-2834A7CF2621}
C:\Users\vicky\AppData\Local\{1BA12603-6C55-412C-8554-4DB0D5CEF59E}
C:\Users\vicky\AppData\Local\{1C6AB674-AB3E-4168-B3B8-D504E8816F62}
C:\Users\vicky\AppData\Local\{1DA8A2FB-865F-438F-BF48-54397F11037A}
C:\Users\vicky\AppData\Local\{1E36A0AF-AC3A-4963-8F1F-4089733B2DB6}
C:\Users\vicky\AppData\Local\{20F9DC07-2FED-4CD0-9C86-8388D60B9BF2}
C:\Users\vicky\AppData\Local\{21221E55-F84C-4B7C-8427-F35A98FB8B52}
C:\Users\vicky\AppData\Local\{21418DD9-8743-433F-9616-77DAE48B7A23}
C:\Users\vicky\AppData\Local\{223E7F16-0C59-4FEE-910C-582028C7A773}
C:\Users\vicky\AppData\Local\{22BF174F-C41E-4B61-8EA0-AF4B2B01DB42}
C:\Users\vicky\AppData\Local\{22CB0907-AB1B-4850-99B1-6E9A32A90947}
C:\Users\vicky\AppData\Local\{240F62F2-D988-4733-AAF0-7F38C0A89666}
C:\Users\vicky\AppData\Local\{2458892D-60A4-4918-8C41-FDEBACFBF389}
C:\Users\vicky\AppData\Local\{249998B5-7184-4032-937A-38989F340449}
C:\Users\vicky\AppData\Local\{25ED8F70-75EA-42C2-8630-7F3C4D3B40F9}
C:\Users\vicky\AppData\Local\{2604BFA4-9117-454A-873B-E2F79883B38E}
C:\Users\vicky\AppData\Local\{26D9EFE6-7AC7-41EE-BE4B-C9CAC1002E31}
C:\Users\vicky\AppData\Local\{28C460CC-E251-4814-B998-EA57792EB6FE}
C:\Users\vicky\AppData\Local\{28F1715C-D4DB-44B3-98A3-7134F12B6DA6}
C:\Users\vicky\AppData\Local\{2A2A75C6-B383-4874-BE8B-11C58AC94878}
C:\Users\vicky\AppData\Local\{2A512356-7F9A-4EA6-B063-7C41F68065B1}
C:\Users\vicky\AppData\Local\{2A736131-ADEF-4730-88BB-4229F0E5D337}
C:\Users\vicky\AppData\Local\{2B7912CC-8546-41A9-BA92-824AB7B888A2}
C:\Users\vicky\AppData\Local\{2CD79D14-1856-4085-A102-FA77A390451A}
C:\Users\vicky\AppData\Local\{2D7A2682-B86C-40DE-9C69-767DE1037B69}
C:\Users\vicky\AppData\Local\{2EF04BD9-C5E1-4F06-B5F1-1ADD4DA45BA4}
C:\Users\vicky\AppData\Local\{30A8EA0D-F56A-4FAC-B740-E8D42875BA1B}
C:\Users\vicky\AppData\Local\{316774AE-C8A8-488B-8AEB-696AE60C922E}
C:\Users\vicky\AppData\Local\{31E34A19-7E40-43B2-B905-88AFE15CC17A}
C:\Users\vicky\AppData\Local\{31EF6A28-3318-4297-B38A-F10F3BC83594}
C:\Users\vicky\AppData\Local\{3263C539-F486-4DC8-A2FA-CE2E0D08166A}
C:\Users\vicky\AppData\Local\{32A3801C-2A93-449E-9755-AA6B4D76F917}
C:\Users\vicky\AppData\Local\{32D44DB3-A345-4B58-9715-48155A368725}
C:\Users\vicky\AppData\Local\{33576539-6324-47B1-AF05-02E413AC4DF1}
C:\Users\vicky\AppData\Local\{33780847-F051-48E8-80C2-EDF13E545B6F}
C:\Users\vicky\AppData\Local\{34B82413-3D2D-41E5-AA74-1595B0A93CF7}
C:\Users\vicky\AppData\Local\{356DE570-01BC-44E8-8C0E-5EA637A59E67}
C:\Users\vicky\AppData\Local\{358BBCDB-00AD-4C70-91C7-C6CC95236C5F}
C:\Users\vicky\AppData\Local\{35C79E17-3E1E-475D-91DF-CF24E61DD74F}
C:\Users\vicky\AppData\Local\{35F19296-A6B2-41C9-82A6-8C844ABF515D}
C:\Users\vicky\AppData\Local\{374D7782-C494-44CD-9D73-845AE1F36AC6}
C:\Users\vicky\AppData\Local\{3864CC6B-4D54-44BA-9F15-5AC675BD61BC}
C:\Users\vicky\AppData\Local\{38C0B25C-E0F2-45D5-908C-89AEA3712C06}
C:\Users\vicky\AppData\Local\{39F4F347-1376-41F3-9AD7-ED2126B0D399}
C:\Users\vicky\AppData\Local\{3C5B0349-FFC5-4989-9DBD-0992DBB1C943}
C:\Users\vicky\AppData\Local\{3D689A08-2886-4916-AFC3-7099143C7C9C}
C:\Users\vicky\AppData\Local\{3DCC8E49-F2FA-459A-833A-593CFD38B9B5}
C:\Users\vicky\AppData\Local\{3E6DE546-C468-46E8-BFCC-01A1E8F37B20}
C:\Users\vicky\AppData\Local\{3F5DBF1F-E44B-47A8-BCC1-62BFF2B0B6B6}
C:\Users\vicky\AppData\Local\{3FB42389-A031-4C50-88DC-ED2F99DDC08A}
C:\Users\vicky\AppData\Local\{4075D620-8BEA-42EB-B33B-686BAAA7B2BE}
C:\Users\vicky\AppData\Local\{40E0D9BA-8384-46BE-AD9E-A8886761FB51}
C:\Users\vicky\AppData\Local\{414542D8-714F-4E8A-B648-A2A6CFA1DDB4}
C:\Users\vicky\AppData\Local\{435EC4DE-731F-4609-A4B3-9625CFB899F9}
C:\Users\vicky\AppData\Local\{44767BF9-79F5-4178-8FCA-4C8AF9251E76}
C:\Users\vicky\AppData\Local\{44C2DC4D-CD1C-45D7-A254-33388E8EE37B}
C:\Users\vicky\AppData\Local\{4557D51E-D7A5-45FE-A4DC-14B3F09223B2}
C:\Users\vicky\AppData\Local\{45DAFD2F-97F9-4B05-B600-5DE932A668A5}
C:\Users\vicky\AppData\Local\{46338AE6-0E54-4EB0-A693-E115DEA58853}
C:\Users\vicky\AppData\Local\{4764F5AB-2AA4-4DDF-B73C-250A041C5977}
C:\Users\vicky\AppData\Local\{49E93049-2B52-426A-A4C5-023AD5C1EA34}
C:\Users\vicky\AppData\Local\{4A44EB14-C0CF-46AA-AB44-28431853212C}
C:\Users\vicky\AppData\Local\{4AAC0768-D402-44B2-B02B-A7280CAB72F4}
C:\Users\vicky\AppData\Local\{4B1D1A7F-15B2-4EC3-ACB6-C4F29A56BC7E}
C:\Users\vicky\AppData\Local\{4C51B369-C19C-46A0-997E-BABAD7F089E6}
C:\Users\vicky\AppData\Local\{4D8C7E3E-1195-4C30-AA96-B50618BA943E}
C:\Users\vicky\AppData\Local\{4E0A14E3-2A6C-457D-8ACA-C20D12F9F37D}
C:\Users\vicky\AppData\Local\{4E614173-1E19-47F0-A547-D1019A3CEDF0}
C:\Users\vicky\AppData\Local\{4ED26206-7BC5-475C-B9F8-B5485BF629BE}
C:\Users\vicky\AppData\Local\{50626E74-E239-4588-8F1E-C5DAF2F957E9}
C:\Users\vicky\AppData\Local\{50D78E1B-9803-422E-BD68-B5A705089B7A}
C:\Users\vicky\AppData\Local\{51299953-0623-4B9A-B525-4A9192D9705D}
C:\Users\vicky\AppData\Local\{5262BA29-091C-419B-BAFB-EA58ACE3F9EB}
C:\Users\vicky\AppData\Local\{53D8A97D-C2E9-4FBA-A871-8C53244C6725}
C:\Users\vicky\AppData\Local\{55F70618-6D3D-4438-81F0-60CDEF7E1F83}
C:\Users\vicky\AppData\Local\{563593B1-CF3D-47AB-B147-38B443C997D9}
C:\Users\vicky\AppData\Local\{59F576C0-A37E-4E64-9AF8-6CD753C1AD77}
C:\Users\vicky\AppData\Local\{5A72B6B5-02C3-42D1-865A-E9DB0737AC1E}
C:\Users\vicky\AppData\Local\{5AA67064-79C3-4238-9537-14ACEE78E1F6}
C:\Users\vicky\AppData\Local\{5AC9CD39-006F-44B5-B781-A83C5A64BE4F}
C:\Users\vicky\AppData\Local\{5B408C5B-F448-4F63-AF28-B20F948D2D8F}
C:\Users\vicky\AppData\Local\{5CCAAFB6-94F2-4784-9CD6-A0D026076B03}
C:\Users\vicky\AppData\Local\{5DAD68D7-1EE4-4B1C-B29C-B523B12AD167}
C:\Users\vicky\AppData\Local\{5DD7EC02-2A51-45BE-863D-2FB6C1AC6F5C}
C:\Users\vicky\AppData\Local\{5DE394A6-81A9-4D1B-AA37-6F2A03061A50}
C:\Users\vicky\AppData\Local\{5EB60413-357A-4916-AE36-F65C7669815E}
C:\Users\vicky\AppData\Local\{5F86AE3B-A0DB-444C-8CB5-2C64ABC522A1}
C:\Users\vicky\AppData\Local\{5FAD5F1F-FF88-4081-93D0-3BAF6438E7FD}
C:\Users\vicky\AppData\Local\{5FE81721-6AD1-4CF3-BF0D-3BCF7922953A}
C:\Users\vicky\AppData\Local\{604C2C49-3588-4FD4-AD57-91484EB95C85}
C:\Users\vicky\AppData\Local\{612FA4AA-5F1C-4A40-903B-4DBABF5829B1}
C:\Users\vicky\AppData\Local\{616E3BEA-0963-4E19-B184-DA1F2B7735E4}
C:\Users\vicky\AppData\Local\{62AC31EB-B69D-4088-9250-747BB552987B}
C:\Users\vicky\AppData\Local\{62B97A07-6924-4490-BC8E-9D79AA9B1C43}
C:\Users\vicky\AppData\Local\{6375C0D3-41DF-4A2B-BC50-79D00A423DA8}
C:\Users\vicky\AppData\Local\{644A7BA9-C938-4C6F-BF1C-8CF264D9C6DB}
C:\Users\vicky\AppData\Local\{64A29311-B54A-4CFA-96BC-060C8FC483E5}
C:\Users\vicky\AppData\Local\{64DD66B1-8BFB-41E3-91BD-4E72E7516890}
C:\Users\vicky\AppData\Local\{64F363BD-E741-4454-B088-2025D4831A75}
C:\Users\vicky\AppData\Local\{6595B027-AC4F-445E-A949-1ACF1DD7F88F}
C:\Users\vicky\AppData\Local\{661E337D-3ADD-43D8-AF26-695BE21CA0E3}
C:\Users\vicky\AppData\Local\{6783F1CB-F647-4001-9D93-B0CFF64020E4}
C:\Users\vicky\AppData\Local\{6847A8E1-1849-4A0A-B6AE-2D5EEC5256A5}
C:\Users\vicky\AppData\Local\{687D51B8-A08B-429E-8920-0617F0245D62}
C:\Users\vicky\AppData\Local\{69C6930E-39D2-49EB-AEFB-FB5E65524AC5}
C:\Users\vicky\AppData\Local\{6BA8C191-B1FD-4B50-9299-D90A76363CAE}
C:\Users\vicky\AppData\Local\{6CCE8D75-5254-487A-A7FE-FBC7A4A91AFE}
C:\Users\vicky\AppData\Local\{6D3A5EFA-5940-4493-BC12-56D21D0C26C5}
C:\Users\vicky\AppData\Local\{6DB20799-67DC-4DB5-B0C0-67FC36A09162}
C:\Users\vicky\AppData\Local\{6DEC9D1A-50C1-4352-B197-32C37AC558EE}
C:\Users\vicky\AppData\Local\{6EB503EB-98CC-43CA-A9EC-25F11E884825}
C:\Users\vicky\AppData\Local\{6F15AA74-5C9B-4CFD-9052-5D4C50CA03E3}
C:\Users\vicky\AppData\Local\{700C6A04-F231-4F91-974A-32B2F957D826}
C:\Users\vicky\AppData\Local\{709D1D5F-CD04-418D-9317-96E949C837E7}
C:\Users\vicky\AppData\Local\{70A0FDDE-D74C-4E40-9CBE-8F72410881D7}
C:\Users\vicky\AppData\Local\{7143F192-4817-4A83-A0AD-2F2979323788}
C:\Users\vicky\AppData\Local\{7151444E-C2F5-4764-89C2-6CFD8CBFF073}
C:\Users\vicky\AppData\Local\{724F4C18-DFC8-460C-977C-0FED3E6BA580}
C:\Users\vicky\AppData\Local\{73296E43-5480-4723-B7D3-F460C692FF08}
C:\Users\vicky\AppData\Local\{73E3F4E2-B5A3-4CEF-B6A6-3131FD8272F6}
C:\Users\vicky\AppData\Local\{74F5BB8D-0C84-47A7-BB24-C10223767236}
C:\Users\vicky\AppData\Local\{76C4DF5C-DEDC-4A41-A1EE-25195B637F4E}
C:\Users\vicky\AppData\Local\{773C0B28-2D15-4440-B50F-AAE614DAFB65}
C:\Users\vicky\AppData\Local\{7A434B2D-D37D-4BAD-BD51-24A44CA6F588}
C:\Users\vicky\AppData\Local\{7A693059-6225-4A16-BDA9-7F96AD9CCAC8}
C:\Users\vicky\AppData\Local\{7ADEDF4F-B36F-4DCC-9339-F1B30B7890B7}
C:\Users\vicky\AppData\Local\{7CAA4960-B031-4F5C-8F5A-EF6391DD01EF}
C:\Users\vicky\AppData\Local\{7D065DBE-A3E6-490A-B7DF-BF7ED1F6E239}
C:\Users\vicky\AppData\Local\{7D1994FA-3221-4721-B0C0-412D565D3AC5}
C:\Users\vicky\AppData\Local\{7E63625C-8F3C-477E-80C6-5F25E3EC6565}
C:\Users\vicky\AppData\Local\{7F6B5412-4F72-45AE-9832-13311C02EEEB}
C:\Users\vicky\AppData\Local\{7F7256F7-6649-4D65-AAC6-1AB3C47554CB}
C:\Users\vicky\AppData\Local\{80D965A0-442A-43E7-9C18-88BCA587404A}
C:\Users\vicky\AppData\Local\{82BE6153-0A9C-4B22-BEE5-E77B6FFCC529}
C:\Users\vicky\AppData\Local\{83F25D44-7B22-4039-877E-B26CD1935311}
C:\Users\vicky\AppData\Local\{8445182F-80A7-4AAD-87C1-FD5F8FFC6882}
C:\Users\vicky\AppData\Local\{84D7F88C-D4DB-41F6-BF1F-2E73BB0A92A0}
C:\Users\vicky\AppData\Local\{855C2C7F-1CAB-4A68-B876-E768549D55C9}
C:\Users\vicky\AppData\Local\{855E1E39-075E-40FC-BC8A-4A6B7A8CC6B0}
C:\Users\vicky\AppData\Local\{85608DD2-4A16-4E96-91B6-209A18AB0D19}
C:\Users\vicky\AppData\Local\{85BE4582-C60F-4D89-A8F0-3F16C15C1A50}
C:\Users\vicky\AppData\Local\{8681A09F-703E-4B28-AC2F-B3161C2D92CB}
C:\Users\vicky\AppData\Local\{8A60DA7A-EE04-48C2-9331-ECA07E3F88AD}
C:\Users\vicky\AppData\Local\{8B68F065-EA37-4AC2-B961-2B668F87D8B7}
C:\Users\vicky\AppData\Local\{8C4AE6F4-AEFA-4BCA-8C3B-E6D7BB1BDB1D}
C:\Users\vicky\AppData\Local\{8E46BD29-EEF7-4B47-89F5-F6A52A2A97B8}
C:\Users\vicky\AppData\Local\{8E600F98-CE43-4E7F-9659-0D51B7B6DA35}
C:\Users\vicky\AppData\Local\{906CCD89-3C1B-4E87-815D-558EAF303144}
C:\Users\vicky\AppData\Local\{906ED6F4-5F10-49D4-A488-290DF49F5647}
C:\Users\vicky\AppData\Local\{91C3601A-FAB5-4630-A7C5-ADAF075FFC6A}
C:\Users\vicky\AppData\Local\{9262E5C1-9D50-4D50-ADB2-16F0A246F90F}
C:\Users\vicky\AppData\Local\{93286195-E6CE-40C4-BA00-41A9ADB97206}
C:\Users\vicky\AppData\Local\{9428C126-011E-4A6B-AC57-80962B71CB7C}
C:\Users\vicky\AppData\Local\{9513D456-6BBD-4548-99DC-B723215478D4}
C:\Users\vicky\AppData\Local\{967F37BE-F3D0-4B5D-AD2F-5EFD6F205084}
C:\Users\vicky\AppData\Local\{979DDCF0-D5C1-4C79-9BE9-56D28348BBA8}
C:\Users\vicky\AppData\Local\{987EAA77-ABFD-446D-AEF8-F408B81B29BC}
C:\Users\vicky\AppData\Local\{98A0D4B7-9A33-40B4-AB1F-539CDAE713DE}
C:\Users\vicky\AppData\Local\{9B63CB54-0C39-4465-B39F-88B3A2F0A9AC}
C:\Users\vicky\AppData\Local\{9BEA627A-0817-4A1E-978A-E098871AED9E}
C:\Users\vicky\AppData\Local\{9C72540F-86F4-436F-A1FD-32404DDBBFEF}
C:\Users\vicky\AppData\Local\{9C91AFDD-E127-498E-B981-7AB25F4A434C}
C:\Users\vicky\AppData\Local\{9CAD5124-055F-48C8-9714-27515C002C4C}
C:\Users\vicky\AppData\Local\{9E747A09-6175-4259-9872-26753F6AFECC}
C:\Users\vicky\AppData\Local\{9EA8FAC2-F214-4E58-8B85-E8C505E4C4EF}
C:\Users\vicky\AppData\Local\{9FD64916-CE56-4545-AB45-941C16CC561B}
C:\Users\vicky\AppData\Local\{A4A218A1-B593-4CF1-BF63-D48FDAB799B1}
C:\Users\vicky\AppData\Local\{A4B2D48F-2FAD-4BD3-8F65-886BBD24FCE0}
C:\Users\vicky\AppData\Local\{A4C0DB7D-6C82-4631-A43B-377A39D4F27E}
C:\Users\vicky\AppData\Local\{A6F344A5-857C-4020-93BC-FF32FACD5928}
C:\Users\vicky\AppData\Local\{A8B2E14E-9322-4F4C-890A-C1DCA4E3E188}
C:\Users\vicky\AppData\Local\{A8ECB44C-B15E-409A-A450-A17928EBE5CB}
C:\Users\vicky\AppData\Local\{A927B62B-999A-4714-8E76-D06CCA203A7D}
C:\Users\vicky\AppData\Local\{AA3A95AA-6AA8-4172-80FA-5556304A3EAF}
C:\Users\vicky\AppData\Local\{AB20AFD8-1B2B-4E13-BF24-C464ADB90558}
C:\Users\vicky\AppData\Local\{AB2E79C3-77C7-4816-97CA-496F3E57C9EC}
C:\Users\vicky\AppData\Local\{AD96CBC4-C273-4548-BBFA-40844EFC7613}
C:\Users\vicky\AppData\Local\{AE69BEDB-6C1B-4BE9-B8D3-D7F0102898B8}
C:\Users\vicky\AppData\Local\{AF1C86CC-08EF-493E-9CAD-49F218A479E0}
C:\Users\vicky\AppData\Local\{AFB4177E-161C-44BA-8EAE-AD5527BA6C32}
C:\Users\vicky\AppData\Local\{B00D7211-66F8-4096-9561-ED7F33EB9F56}
C:\Users\vicky\AppData\Local\{B0C8DF5E-2CBD-49FC-848B-AC30DC5D5347}
C:\Users\vicky\AppData\Local\{B202EA36-7328-480E-89F0-3DE990214AE7}
C:\Users\vicky\AppData\Local\{B2272BD7-3BCD-4EDD-AC2E-D6268426054D}
C:\Users\vicky\AppData\Local\{B253AC95-A0EF-46DA-BA13-C86E3FDDBD2D}
C:\Users\vicky\AppData\Local\{B3874BDB-2E5E-4D91-B1CD-F4D6B5E8A3E5}
C:\Users\vicky\AppData\Local\{B3E99C26-C5D4-4D7F-A9AF-ADCE45D2A5D0}
C:\Users\vicky\AppData\Local\{B4C84CE4-DA13-4C8B-AF7A-E7DC428F52C7}
C:\Users\vicky\AppData\Local\{B541A0EE-73AE-43D7-A7FA-E5D9B752AA8E}
C:\Users\vicky\AppData\Local\{B5C2952F-E87D-4AA2-9AFD-C37BBE1A720A}
C:\Users\vicky\AppData\Local\{B5F42DEE-CA6E-4CEC-92D9-345775B57326}
C:\Users\vicky\AppData\Local\{B690764E-1104-4FB9-A762-52BFECFA60C6}
C:\Users\vicky\AppData\Local\{B7206EEE-451A-42AD-8FAF-2ACA42A0B561}
C:\Users\vicky\AppData\Local\{BA7011EC-0AE3-4B2F-BB01-506CE3AA4313}
C:\Users\vicky\AppData\Local\{BC693746-FBA2-4F9D-A51D-5B9F5F9D6D7C}
C:\Users\vicky\AppData\Local\{BCED5A0D-C99D-44E1-BFE6-58C871D8CE29}
C:\Users\vicky\AppData\Local\{BCFC332F-D682-4B08-8AA9-DFA58AD745FC}
C:\Users\vicky\AppData\Local\{BDB2029E-7697-4BAC-A8A0-AAC1E84B5574}
C:\Users\vicky\AppData\Local\{BE3A80EC-9BC2-4836-AC0A-6C7FCDA13A95}
C:\Users\vicky\AppData\Local\{C1306D69-C12D-4239-86B4-C6E074AA56D3}
C:\Users\vicky\AppData\Local\{C1540795-C504-438A-A053-FFC4DB3C338D}
C:\Users\vicky\AppData\Local\{C162EBBF-AC60-42E1-A642-2FC1A5EE1A02}
C:\Users\vicky\AppData\Local\{C205D8B2-630A-4F11-8B03-D1A02E757926}
C:\Users\vicky\AppData\Local\{C2FF2ECD-C8EA-4364-8F0E-885D1A7B390A}
C:\Users\vicky\AppData\Local\{C4AA1350-E98E-49DF-8A2E-598FCC03D20C}
C:\Users\vicky\AppData\Local\{C515F6D9-53AC-4212-AD65-C943A67BAAB5}
C:\Users\vicky\AppData\Local\{C65DFADF-1FCB-48FB-9E36-4816F40BBCB9}
C:\Users\vicky\AppData\Local\{C6CA562D-17B6-449F-8566-0D3888C8EA33}
C:\Users\vicky\AppData\Local\{C7A53A73-6F76-41E8-B411-0AD275E9D963}
C:\Users\vicky\AppData\Local\{C8644303-F5E0-4D8D-8CA1-F3794918C529}
C:\Users\vicky\AppData\Local\{C8C39078-C089-4F58-8E14-20745C4EEB25}
C:\Users\vicky\AppData\Local\{CB07A370-8482-464A-BB7A-4B62466CA620}
C:\Users\vicky\AppData\Local\{CB5C7E1E-48F5-4CDF-A1A9-DC1C211614B2}
C:\Users\vicky\AppData\Local\{CBABF205-DA60-4738-8E58-CC7C1DEDCF96}
C:\Users\vicky\AppData\Local\{CBB78357-1265-4659-A321-9609134929B0}
C:\Users\vicky\AppData\Local\{CC0CDC54-B747-4117-9A3F-27A058E3BB40}
C:\Users\vicky\AppData\Local\{CC907145-2EB5-4126-8FD9-3826B2447F84}
C:\Users\vicky\AppData\Local\{CCE146F5-5FCD-4817-9687-04D0A41FF40B}
C:\Users\vicky\AppData\Local\{CE30A1D2-63C3-45A1-AAF5-7A2CCA8B406F}
C:\Users\vicky\AppData\Local\{CF717364-80F2-405E-B2DC-AB1DC2856BA1}
C:\Users\vicky\AppData\Local\{D0B466B4-978E-437E-9534-B918E33CF404}
C:\Users\vicky\AppData\Local\{D10BF493-9900-4F93-BF2A-A5DB16003D7A}
C:\Users\vicky\AppData\Local\{D1FA4B76-AEDD-47DE-BF8C-AE6631DA9034}
C:\Users\vicky\AppData\Local\{D21F604F-D83F-443E-8C0E-AB8C0B0DB3B5}
C:\Users\vicky\AppData\Local\{D2885067-FB5D-41F5-B48F-BB868F08A186}
C:\Users\vicky\AppData\Local\{D7AD1FE1-E7D7-44B0-BA60-47885362CDDB}
C:\Users\vicky\AppData\Local\{DB1C531D-770A-416A-ACE9-7C0F66E35AC5}
C:\Users\vicky\AppData\Local\{DB9DCF3C-F98E-4C1F-81A7-980EB0E41797}
C:\Users\vicky\AppData\Local\{DC6F41F7-2A0E-4ADB-B6FA-3AC068F01B89}
C:\Users\vicky\AppData\Local\{DC955844-9A86-4F98-9F34-64F974539EBC}
C:\Users\vicky\AppData\Local\{DC95B7D7-C481-4BA8-9CD9-1BE640155FAF}
C:\Users\vicky\AppData\Local\{DCA5450C-C218-4EF4-80EC-A124925FF0DB}
C:\Users\vicky\AppData\Local\{DCF7AD2F-F85E-4AFF-A302-A21ACBA53D2B}
C:\Users\vicky\AppData\Local\{DD6013C1-45FE-410E-9F33-097A8BD8520C}
C:\Users\vicky\AppData\Local\{E0A3832A-4628-4B85-8571-BAAA737FC9CB}
C:\Users\vicky\AppData\Local\{E0B6F5DA-7B5A-41B9-A3C9-FAD596305724}
C:\Users\vicky\AppData\Local\{E0E3AA9B-5626-422E-A45A-B42C7BBD1DD0}
C:\Users\vicky\AppData\Local\{E148E21F-27CF-458F-8695-DE337C5B0447}
C:\Users\vicky\AppData\Local\{E1C3BD3C-1092-4F0A-B0C7-16FC64533828}
C:\Users\vicky\AppData\Local\{E356FA59-A24D-4B9E-BD7B-7E0666557CD6}
C:\Users\vicky\AppData\Local\{E3E51A71-0239-46CC-87AD-04E41C64FC60}
C:\Users\vicky\AppData\Local\{E77F142A-3889-4C97-9809-59F9A2CAAD2C}
C:\Users\vicky\AppData\Local\{E7DE6E1F-A4F3-4957-934F-9C3AB1BAD1B3}
C:\Users\vicky\AppData\Local\{E896B657-A101-44C5-A370-5E8AD2EDCE1C}
C:\Users\vicky\AppData\Local\{E8BAC6C3-988B-41E4-A7EF-D21FD745501B}
C:\Users\vicky\AppData\Local\{EB1731E5-F6D9-4F46-AB49-9E4029217DCB}
C:\Users\vicky\AppData\Local\{EC65ED21-91A8-4A67-94DA-83C2296A66A1}
C:\Users\vicky\AppData\Local\{EE680734-B876-4C0B-9D8D-5FCF022B5FDE}
C:\Users\vicky\AppData\Local\{EED0C964-74AF-46B2-8829-54D943C4E427}
C:\Users\vicky\AppData\Local\{EF8AC756-7740-4E54-B585-9E6155B03978}
C:\Users\vicky\AppData\Local\{EFB78EDF-6AF5-4139-BEF8-D5BBBD5E6D12}
C:\Users\vicky\AppData\Local\{EFE21566-5DC2-46B1-BF84-33459FC73A18}
C:\Users\vicky\AppData\Local\{F0063EBE-34B3-48E0-BA30-E8D0D5BF9C27}
C:\Users\vicky\AppData\Local\{F13B7CD8-531A-4ED4-836F-B97A299063F8}
C:\Users\vicky\AppData\Local\{F4032E4E-0316-4EBA-AFDF-3B41643756B7}
C:\Users\vicky\AppData\Local\{F4538D30-A159-43D6-A33C-12292732F070}
C:\Users\vicky\AppData\Local\{F567870A-3609-4B68-84FE-1D82509E6ABD}
C:\Users\vicky\AppData\Local\{F59AFCDB-FB66-4306-8B57-9A5BB2A6A8F8}
C:\Users\vicky\AppData\Local\{F5AAF826-4667-457B-993A-D6F4EF4EF85D}
C:\Users\vicky\AppData\Local\{F5DCD36A-CE96-4A1D-B68C-34839E5DA7A0}
C:\Users\vicky\AppData\Local\{F839C8E2-4D96-46BA-A3A9-16326AA4D4F7}
C:\Users\vicky\AppData\Local\{F84ACB17-8E4F-4543-869B-EE277C2CA3E7}
C:\Users\vicky\AppData\Local\{F88270F3-DF5B-4084-B8B3-A65053115DAC}
C:\Users\vicky\AppData\Local\{FD46DB9B-667A-49C6-80D3-B2CAE72605B9}
C:\Users\vicky\AppData\Local\{FD7D163D-708E-4F98-86AF-8612C2CB155C}
Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.

This will launch ComboFix.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Allow ComboFix to update itself if prompted.
When ComboFix finishes, a log will be produced at C:\ComboFix.txt
Attach this log to your next message. (How to attach)

Now install the current version of Sun Java from: jre-7u2-windows-i586.exe

What malware problems remain?
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #10  
Old 12-24-11, 15:34
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
fixed with browsers closed.

new ComboFixLog attached.

new java installed.

Issues still occuring:-
Windows Update still not updating code 80096001

Microsoft Security Essentials hasn't been reinstalled since you instructed me to remove it previously so i tried Windows defender.

in Security Centre under malware protection tab when i try to enable windows defender i get error message:
Security Centre Can't turn on Windows Defender. Please try again later.
Attached Files
File Type: txt ComboFixLog.txt (40.5 KB, 1 views)
Reply With Quote
Sponsored links
  #11  
Old 12-24-11, 15:52
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:
Code:
Folder::
C:\Users\vicky\AppData\Local\{0033BDCD-B272-4816-8B80-F8FAF73BA0B5}
C:\Users\vicky\AppData\Local\{007DA482-D2E9-49B9-B3F7-73798462E917}
C:\Users\vicky\AppData\Local\{008BB260-17E0-44A6-A613-A0B68157C6E9}
C:\Users\vicky\AppData\Local\{00C4FE1E-88DB-416F-B3EE-8EC0254E1FE9}
C:\Users\vicky\AppData\Local\{01065EB0-7327-4EED-B9B2-87C422FA93B5}
C:\Users\vicky\AppData\Local\{019D77EE-4D9F-4B91-8421-C1CF4721735A}
C:\Users\vicky\AppData\Local\{01F0004C-D948-463F-8362-747AD2602F34}
C:\Users\vicky\AppData\Local\{023BC08A-D78D-42F7-87D7-58AD8919553B}
C:\Users\vicky\AppData\Local\{033AF53D-1EB8-4861-BC63-6EDE6E5071C4}
C:\Users\vicky\AppData\Local\{04B2108A-8F96-4CAE-811B-63026D3D4A05}
C:\Users\vicky\AppData\Local\{05159C92-140C-434D-AFB1-422DFA72F5BA}
C:\Users\vicky\AppData\Local\{05E2043A-0B7D-4850-916D-4ABC60C73C28}
C:\Users\vicky\AppData\Local\{07632ABA-1D2B-41EA-9DEF-C9E7F4EDD8F4}
C:\Users\vicky\AppData\Local\{07A549CD-99B3-461E-B4DC-74614DE1E30A}
C:\Users\vicky\AppData\Local\{094640BC-0216-487E-B2FA-A0128A81AA9E}
C:\Users\vicky\AppData\Local\{099EBCBA-392D-4BAB-9B06-22C2030B674F}
C:\Users\vicky\AppData\Local\{0A1EC6FE-8CBB-47F5-ACAB-6371B417C96A}
C:\Users\vicky\AppData\Local\{0BEB45B3-0EB9-4699-A811-8BF2686E8B94}
C:\Users\vicky\AppData\Local\{0C9414C1-31D7-4B3C-91B3-E528DA4D040B}
C:\Users\vicky\AppData\Local\{0D24D941-9ECE-4305-B024-EE74DC869734}
C:\Users\vicky\AppData\Local\{0EAD76BE-9A1A-4542-A765-9144A62EE2DF}
C:\Users\vicky\AppData\Local\{0F0C4290-0485-4886-9A57-D071421F37AC}
C:\Users\vicky\AppData\Local\{0F2039B1-9F47-4A89-A29F-985053ECF95F}
C:\Users\vicky\AppData\Local\{0F347E88-9BD4-4A60-9B6A-01F620195810}
C:\Users\vicky\AppData\Local\{0FF54D63-C6FF-4788-B227-1C1C1515044D}
C:\Users\vicky\AppData\Local\{10B3CC2D-1AA7-4487-880F-2B9249334C4E}
C:\Users\vicky\AppData\Local\{13C6859A-1FFE-4025-9524-4E942AF4AA0D}
C:\Users\vicky\AppData\Local\{13F6FEE1-53E3-45DE-B1D7-8616FABDE502}
C:\Users\vicky\AppData\Local\{15260D2A-A153-45AD-8ABF-438F14030C7C}
C:\Users\vicky\AppData\Local\{177A12E1-9295-4AA6-AE0F-A59755C8CD11}
C:\Users\vicky\AppData\Local\{180CB103-8EBE-4CB7-8DDD-AB9757C9873D}
C:\Users\vicky\AppData\Local\{18B13824-0B7F-4920-8291-753953890C61}
C:\Users\vicky\AppData\Local\{19105072-4886-4B31-8A86-28DE103AAA14}
C:\Users\vicky\AppData\Local\{1A208E6D-E1F2-489C-9056-A430CC39BC09}
C:\Users\vicky\AppData\Local\{1AAC836F-A9B4-412B-AC4B-29D5A93BDFCB}
C:\Users\vicky\AppData\Local\{1B03DC05-B33B-4773-89EF-2834A7CF2621}
C:\Users\vicky\AppData\Local\{1BA12603-6C55-412C-8554-4DB0D5CEF59E}
C:\Users\vicky\AppData\Local\{1C6AB674-AB3E-4168-B3B8-D504E8816F62}
C:\Users\vicky\AppData\Local\{1DA8A2FB-865F-438F-BF48-54397F11037A}
C:\Users\vicky\AppData\Local\{1E36A0AF-AC3A-4963-8F1F-4089733B2DB6}
C:\Users\vicky\AppData\Local\{20F9DC07-2FED-4CD0-9C86-8388D60B9BF2}
C:\Users\vicky\AppData\Local\{21221E55-F84C-4B7C-8427-F35A98FB8B52}
C:\Users\vicky\AppData\Local\{21418DD9-8743-433F-9616-77DAE48B7A23}
C:\Users\vicky\AppData\Local\{223E7F16-0C59-4FEE-910C-582028C7A773}
C:\Users\vicky\AppData\Local\{22BF174F-C41E-4B61-8EA0-AF4B2B01DB42}
C:\Users\vicky\AppData\Local\{22CB0907-AB1B-4850-99B1-6E9A32A90947}
C:\Users\vicky\AppData\Local\{240F62F2-D988-4733-AAF0-7F38C0A89666}
C:\Users\vicky\AppData\Local\{2458892D-60A4-4918-8C41-FDEBACFBF389}
C:\Users\vicky\AppData\Local\{249998B5-7184-4032-937A-38989F340449}
C:\Users\vicky\AppData\Local\{25ED8F70-75EA-42C2-8630-7F3C4D3B40F9}
C:\Users\vicky\AppData\Local\{2604BFA4-9117-454A-873B-E2F79883B38E}
C:\Users\vicky\AppData\Local\{26D9EFE6-7AC7-41EE-BE4B-C9CAC1002E31}
C:\Users\vicky\AppData\Local\{28C460CC-E251-4814-B998-EA57792EB6FE}
C:\Users\vicky\AppData\Local\{28F1715C-D4DB-44B3-98A3-7134F12B6DA6}
C:\Users\vicky\AppData\Local\{2A2A75C6-B383-4874-BE8B-11C58AC94878}
C:\Users\vicky\AppData\Local\{2A512356-7F9A-4EA6-B063-7C41F68065B1}
C:\Users\vicky\AppData\Local\{2A736131-ADEF-4730-88BB-4229F0E5D337}
C:\Users\vicky\AppData\Local\{2B7912CC-8546-41A9-BA92-824AB7B888A2}
C:\Users\vicky\AppData\Local\{2CD79D14-1856-4085-A102-FA77A390451A}
C:\Users\vicky\AppData\Local\{2D7A2682-B86C-40DE-9C69-767DE1037B69}
C:\Users\vicky\AppData\Local\{2EF04BD9-C5E1-4F06-B5F1-1ADD4DA45BA4}
C:\Users\vicky\AppData\Local\{30A8EA0D-F56A-4FAC-B740-E8D42875BA1B}
C:\Users\vicky\AppData\Local\{316774AE-C8A8-488B-8AEB-696AE60C922E}
C:\Users\vicky\AppData\Local\{31E34A19-7E40-43B2-B905-88AFE15CC17A}
C:\Users\vicky\AppData\Local\{31EF6A28-3318-4297-B38A-F10F3BC83594}
C:\Users\vicky\AppData\Local\{3263C539-F486-4DC8-A2FA-CE2E0D08166A}
C:\Users\vicky\AppData\Local\{32A3801C-2A93-449E-9755-AA6B4D76F917}
C:\Users\vicky\AppData\Local\{32D44DB3-A345-4B58-9715-48155A368725}
C:\Users\vicky\AppData\Local\{33576539-6324-47B1-AF05-02E413AC4DF1}
C:\Users\vicky\AppData\Local\{33780847-F051-48E8-80C2-EDF13E545B6F}
C:\Users\vicky\AppData\Local\{34B82413-3D2D-41E5-AA74-1595B0A93CF7}
C:\Users\vicky\AppData\Local\{356DE570-01BC-44E8-8C0E-5EA637A59E67}
C:\Users\vicky\AppData\Local\{358BBCDB-00AD-4C70-91C7-C6CC95236C5F}
C:\Users\vicky\AppData\Local\{35C79E17-3E1E-475D-91DF-CF24E61DD74F}
C:\Users\vicky\AppData\Local\{35F19296-A6B2-41C9-82A6-8C844ABF515D}
C:\Users\vicky\AppData\Local\{374D7782-C494-44CD-9D73-845AE1F36AC6}
C:\Users\vicky\AppData\Local\{3864CC6B-4D54-44BA-9F15-5AC675BD61BC}
C:\Users\vicky\AppData\Local\{38C0B25C-E0F2-45D5-908C-89AEA3712C06}
C:\Users\vicky\AppData\Local\{39F4F347-1376-41F3-9AD7-ED2126B0D399}
C:\Users\vicky\AppData\Local\{3C5B0349-FFC5-4989-9DBD-0992DBB1C943}
C:\Users\vicky\AppData\Local\{3D689A08-2886-4916-AFC3-7099143C7C9C}
C:\Users\vicky\AppData\Local\{3DCC8E49-F2FA-459A-833A-593CFD38B9B5}
C:\Users\vicky\AppData\Local\{3E6DE546-C468-46E8-BFCC-01A1E8F37B20}
C:\Users\vicky\AppData\Local\{3F5DBF1F-E44B-47A8-BCC1-62BFF2B0B6B6}
C:\Users\vicky\AppData\Local\{3FB42389-A031-4C50-88DC-ED2F99DDC08A}
C:\Users\vicky\AppData\Local\{4075D620-8BEA-42EB-B33B-686BAAA7B2BE}
C:\Users\vicky\AppData\Local\{40E0D9BA-8384-46BE-AD9E-A8886761FB51}
C:\Users\vicky\AppData\Local\{414542D8-714F-4E8A-B648-A2A6CFA1DDB4}
C:\Users\vicky\AppData\Local\{435EC4DE-731F-4609-A4B3-9625CFB899F9}
C:\Users\vicky\AppData\Local\{44767BF9-79F5-4178-8FCA-4C8AF9251E76}
C:\Users\vicky\AppData\Local\{44C2DC4D-CD1C-45D7-A254-33388E8EE37B}
C:\Users\vicky\AppData\Local\{4557D51E-D7A5-45FE-A4DC-14B3F09223B2}
C:\Users\vicky\AppData\Local\{45DAFD2F-97F9-4B05-B600-5DE932A668A5}
C:\Users\vicky\AppData\Local\{46338AE6-0E54-4EB0-A693-E115DEA58853}
C:\Users\vicky\AppData\Local\{4764F5AB-2AA4-4DDF-B73C-250A041C5977}
C:\Users\vicky\AppData\Local\{49E93049-2B52-426A-A4C5-023AD5C1EA34}
C:\Users\vicky\AppData\Local\{4A44EB14-C0CF-46AA-AB44-28431853212C}
C:\Users\vicky\AppData\Local\{4AAC0768-D402-44B2-B02B-A7280CAB72F4}
C:\Users\vicky\AppData\Local\{4B1D1A7F-15B2-4EC3-ACB6-C4F29A56BC7E}
C:\Users\vicky\AppData\Local\{4C51B369-C19C-46A0-997E-BABAD7F089E6}
C:\Users\vicky\AppData\Local\{4D8C7E3E-1195-4C30-AA96-B50618BA943E}
C:\Users\vicky\AppData\Local\{4E0A14E3-2A6C-457D-8ACA-C20D12F9F37D}
C:\Users\vicky\AppData\Local\{4E614173-1E19-47F0-A547-D1019A3CEDF0}
C:\Users\vicky\AppData\Local\{4ED26206-7BC5-475C-B9F8-B5485BF629BE}
C:\Users\vicky\AppData\Local\{50626E74-E239-4588-8F1E-C5DAF2F957E9}
C:\Users\vicky\AppData\Local\{50D78E1B-9803-422E-BD68-B5A705089B7A}
C:\Users\vicky\AppData\Local\{51299953-0623-4B9A-B525-4A9192D9705D}
C:\Users\vicky\AppData\Local\{5262BA29-091C-419B-BAFB-EA58ACE3F9EB}
C:\Users\vicky\AppData\Local\{53D8A97D-C2E9-4FBA-A871-8C53244C6725}
C:\Users\vicky\AppData\Local\{55F70618-6D3D-4438-81F0-60CDEF7E1F83}
C:\Users\vicky\AppData\Local\{563593B1-CF3D-47AB-B147-38B443C997D9}
C:\Users\vicky\AppData\Local\{59F576C0-A37E-4E64-9AF8-6CD753C1AD77}
C:\Users\vicky\AppData\Local\{5A72B6B5-02C3-42D1-865A-E9DB0737AC1E}
C:\Users\vicky\AppData\Local\{5AA67064-79C3-4238-9537-14ACEE78E1F6}
C:\Users\vicky\AppData\Local\{5AC9CD39-006F-44B5-B781-A83C5A64BE4F}
C:\Users\vicky\AppData\Local\{5B408C5B-F448-4F63-AF28-B20F948D2D8F}
C:\Users\vicky\AppData\Local\{5CCAAFB6-94F2-4784-9CD6-A0D026076B03}
C:\Users\vicky\AppData\Local\{5DAD68D7-1EE4-4B1C-B29C-B523B12AD167}
C:\Users\vicky\AppData\Local\{5DD7EC02-2A51-45BE-863D-2FB6C1AC6F5C}
C:\Users\vicky\AppData\Local\{5DE394A6-81A9-4D1B-AA37-6F2A03061A50}
C:\Users\vicky\AppData\Local\{5EB60413-357A-4916-AE36-F65C7669815E}
C:\Users\vicky\AppData\Local\{5F86AE3B-A0DB-444C-8CB5-2C64ABC522A1}
C:\Users\vicky\AppData\Local\{5FAD5F1F-FF88-4081-93D0-3BAF6438E7FD}
C:\Users\vicky\AppData\Local\{5FE81721-6AD1-4CF3-BF0D-3BCF7922953A}
C:\Users\vicky\AppData\Local\{604C2C49-3588-4FD4-AD57-91484EB95C85}
C:\Users\vicky\AppData\Local\{612FA4AA-5F1C-4A40-903B-4DBABF5829B1}
C:\Users\vicky\AppData\Local\{616E3BEA-0963-4E19-B184-DA1F2B7735E4}
C:\Users\vicky\AppData\Local\{62AC31EB-B69D-4088-9250-747BB552987B}
C:\Users\vicky\AppData\Local\{62B97A07-6924-4490-BC8E-9D79AA9B1C43}
C:\Users\vicky\AppData\Local\{6375C0D3-41DF-4A2B-BC50-79D00A423DA8}
C:\Users\vicky\AppData\Local\{644A7BA9-C938-4C6F-BF1C-8CF264D9C6DB}
C:\Users\vicky\AppData\Local\{64A29311-B54A-4CFA-96BC-060C8FC483E5}
C:\Users\vicky\AppData\Local\{64DD66B1-8BFB-41E3-91BD-4E72E7516890}
C:\Users\vicky\AppData\Local\{64F363BD-E741-4454-B088-2025D4831A75}
C:\Users\vicky\AppData\Local\{6595B027-AC4F-445E-A949-1ACF1DD7F88F}
C:\Users\vicky\AppData\Local\{661E337D-3ADD-43D8-AF26-695BE21CA0E3}
C:\Users\vicky\AppData\Local\{6783F1CB-F647-4001-9D93-B0CFF64020E4}
C:\Users\vicky\AppData\Local\{6847A8E1-1849-4A0A-B6AE-2D5EEC5256A5}
C:\Users\vicky\AppData\Local\{687D51B8-A08B-429E-8920-0617F0245D62}
C:\Users\vicky\AppData\Local\{69C6930E-39D2-49EB-AEFB-FB5E65524AC5}
C:\Users\vicky\AppData\Local\{6BA8C191-B1FD-4B50-9299-D90A76363CAE}
C:\Users\vicky\AppData\Local\{6CCE8D75-5254-487A-A7FE-FBC7A4A91AFE}
C:\Users\vicky\AppData\Local\{6D3A5EFA-5940-4493-BC12-56D21D0C26C5}
C:\Users\vicky\AppData\Local\{6DB20799-67DC-4DB5-B0C0-67FC36A09162}
C:\Users\vicky\AppData\Local\{6DEC9D1A-50C1-4352-B197-32C37AC558EE}
C:\Users\vicky\AppData\Local\{6EB503EB-98CC-43CA-A9EC-25F11E884825}
C:\Users\vicky\AppData\Local\{6F15AA74-5C9B-4CFD-9052-5D4C50CA03E3}
C:\Users\vicky\AppData\Local\{700C6A04-F231-4F91-974A-32B2F957D826}
C:\Users\vicky\AppData\Local\{709D1D5F-CD04-418D-9317-96E949C837E7}
C:\Users\vicky\AppData\Local\{70A0FDDE-D74C-4E40-9CBE-8F72410881D7}
C:\Users\vicky\AppData\Local\{7143F192-4817-4A83-A0AD-2F2979323788}
C:\Users\vicky\AppData\Local\{7151444E-C2F5-4764-89C2-6CFD8CBFF073}
C:\Users\vicky\AppData\Local\{724F4C18-DFC8-460C-977C-0FED3E6BA580}
C:\Users\vicky\AppData\Local\{73296E43-5480-4723-B7D3-F460C692FF08}
C:\Users\vicky\AppData\Local\{73E3F4E2-B5A3-4CEF-B6A6-3131FD8272F6}
C:\Users\vicky\AppData\Local\{74F5BB8D-0C84-47A7-BB24-C10223767236}
C:\Users\vicky\AppData\Local\{76C4DF5C-DEDC-4A41-A1EE-25195B637F4E}
C:\Users\vicky\AppData\Local\{773C0B28-2D15-4440-B50F-AAE614DAFB65}
C:\Users\vicky\AppData\Local\{7A434B2D-D37D-4BAD-BD51-24A44CA6F588}
C:\Users\vicky\AppData\Local\{7A693059-6225-4A16-BDA9-7F96AD9CCAC8}
C:\Users\vicky\AppData\Local\{7ADEDF4F-B36F-4DCC-9339-F1B30B7890B7}
C:\Users\vicky\AppData\Local\{7CAA4960-B031-4F5C-8F5A-EF6391DD01EF}
C:\Users\vicky\AppData\Local\{7D065DBE-A3E6-490A-B7DF-BF7ED1F6E239}
C:\Users\vicky\AppData\Local\{7D1994FA-3221-4721-B0C0-412D565D3AC5}
C:\Users\vicky\AppData\Local\{7E63625C-8F3C-477E-80C6-5F25E3EC6565}
C:\Users\vicky\AppData\Local\{7F6B5412-4F72-45AE-9832-13311C02EEEB}
C:\Users\vicky\AppData\Local\{7F7256F7-6649-4D65-AAC6-1AB3C47554CB}
C:\Users\vicky\AppData\Local\{80D965A0-442A-43E7-9C18-88BCA587404A}
C:\Users\vicky\AppData\Local\{82BE6153-0A9C-4B22-BEE5-E77B6FFCC529}
C:\Users\vicky\AppData\Local\{83F25D44-7B22-4039-877E-B26CD1935311}
C:\Users\vicky\AppData\Local\{8445182F-80A7-4AAD-87C1-FD5F8FFC6882}
C:\Users\vicky\AppData\Local\{84D7F88C-D4DB-41F6-BF1F-2E73BB0A92A0}
C:\Users\vicky\AppData\Local\{855C2C7F-1CAB-4A68-B876-E768549D55C9}
C:\Users\vicky\AppData\Local\{855E1E39-075E-40FC-BC8A-4A6B7A8CC6B0}
C:\Users\vicky\AppData\Local\{85608DD2-4A16-4E96-91B6-209A18AB0D19}
C:\Users\vicky\AppData\Local\{85BE4582-C60F-4D89-A8F0-3F16C15C1A50}
C:\Users\vicky\AppData\Local\{8681A09F-703E-4B28-AC2F-B3161C2D92CB}
C:\Users\vicky\AppData\Local\{8A60DA7A-EE04-48C2-9331-ECA07E3F88AD}
C:\Users\vicky\AppData\Local\{8B68F065-EA37-4AC2-B961-2B668F87D8B7}
C:\Users\vicky\AppData\Local\{8C4AE6F4-AEFA-4BCA-8C3B-E6D7BB1BDB1D}
C:\Users\vicky\AppData\Local\{8E46BD29-EEF7-4B47-89F5-F6A52A2A97B8}
C:\Users\vicky\AppData\Local\{8E600F98-CE43-4E7F-9659-0D51B7B6DA35}
C:\Users\vicky\AppData\Local\{906CCD89-3C1B-4E87-815D-558EAF303144}
C:\Users\vicky\AppData\Local\{906ED6F4-5F10-49D4-A488-290DF49F5647}
C:\Users\vicky\AppData\Local\{91C3601A-FAB5-4630-A7C5-ADAF075FFC6A}
C:\Users\vicky\AppData\Local\{9262E5C1-9D50-4D50-ADB2-16F0A246F90F}
C:\Users\vicky\AppData\Local\{93286195-E6CE-40C4-BA00-41A9ADB97206}
C:\Users\vicky\AppData\Local\{9428C126-011E-4A6B-AC57-80962B71CB7C}
C:\Users\vicky\AppData\Local\{9513D456-6BBD-4548-99DC-B723215478D4}
C:\Users\vicky\AppData\Local\{967F37BE-F3D0-4B5D-AD2F-5EFD6F205084}
C:\Users\vicky\AppData\Local\{979DDCF0-D5C1-4C79-9BE9-56D28348BBA8}
C:\Users\vicky\AppData\Local\{987EAA77-ABFD-446D-AEF8-F408B81B29BC}
C:\Users\vicky\AppData\Local\{98A0D4B7-9A33-40B4-AB1F-539CDAE713DE}
C:\Users\vicky\AppData\Local\{9B63CB54-0C39-4465-B39F-88B3A2F0A9AC}
C:\Users\vicky\AppData\Local\{9BEA627A-0817-4A1E-978A-E098871AED9E}
C:\Users\vicky\AppData\Local\{9C72540F-86F4-436F-A1FD-32404DDBBFEF}
C:\Users\vicky\AppData\Local\{9C91AFDD-E127-498E-B981-7AB25F4A434C}
C:\Users\vicky\AppData\Local\{9CAD5124-055F-48C8-9714-27515C002C4C}
C:\Users\vicky\AppData\Local\{9E747A09-6175-4259-9872-26753F6AFECC}
C:\Users\vicky\AppData\Local\{9EA8FAC2-F214-4E58-8B85-E8C505E4C4EF}
C:\Users\vicky\AppData\Local\{9FD64916-CE56-4545-AB45-941C16CC561B}
C:\Users\vicky\AppData\Local\{A4A218A1-B593-4CF1-BF63-D48FDAB799B1}
C:\Users\vicky\AppData\Local\{A4B2D48F-2FAD-4BD3-8F65-886BBD24FCE0}
C:\Users\vicky\AppData\Local\{A4C0DB7D-6C82-4631-A43B-377A39D4F27E}
C:\Users\vicky\AppData\Local\{A6F344A5-857C-4020-93BC-FF32FACD5928}
C:\Users\vicky\AppData\Local\{A8B2E14E-9322-4F4C-890A-C1DCA4E3E188}
C:\Users\vicky\AppData\Local\{A8ECB44C-B15E-409A-A450-A17928EBE5CB}
C:\Users\vicky\AppData\Local\{A927B62B-999A-4714-8E76-D06CCA203A7D}
C:\Users\vicky\AppData\Local\{AA3A95AA-6AA8-4172-80FA-5556304A3EAF}
C:\Users\vicky\AppData\Local\{AB20AFD8-1B2B-4E13-BF24-C464ADB90558}
C:\Users\vicky\AppData\Local\{AB2E79C3-77C7-4816-97CA-496F3E57C9EC}
C:\Users\vicky\AppData\Local\{AD96CBC4-C273-4548-BBFA-40844EFC7613}
C:\Users\vicky\AppData\Local\{AE69BEDB-6C1B-4BE9-B8D3-D7F0102898B8}
C:\Users\vicky\AppData\Local\{AF1C86CC-08EF-493E-9CAD-49F218A479E0}
C:\Users\vicky\AppData\Local\{AFB4177E-161C-44BA-8EAE-AD5527BA6C32}
C:\Users\vicky\AppData\Local\{B00D7211-66F8-4096-9561-ED7F33EB9F56}
C:\Users\vicky\AppData\Local\{B0C8DF5E-2CBD-49FC-848B-AC30DC5D5347}
C:\Users\vicky\AppData\Local\{B202EA36-7328-480E-89F0-3DE990214AE7}
C:\Users\vicky\AppData\Local\{B2272BD7-3BCD-4EDD-AC2E-D6268426054D}
C:\Users\vicky\AppData\Local\{B253AC95-A0EF-46DA-BA13-C86E3FDDBD2D}
C:\Users\vicky\AppData\Local\{B3874BDB-2E5E-4D91-B1CD-F4D6B5E8A3E5}
C:\Users\vicky\AppData\Local\{B3E99C26-C5D4-4D7F-A9AF-ADCE45D2A5D0}
C:\Users\vicky\AppData\Local\{B4C84CE4-DA13-4C8B-AF7A-E7DC428F52C7}
C:\Users\vicky\AppData\Local\{B541A0EE-73AE-43D7-A7FA-E5D9B752AA8E}
C:\Users\vicky\AppData\Local\{B5C2952F-E87D-4AA2-9AFD-C37BBE1A720A}
C:\Users\vicky\AppData\Local\{B5F42DEE-CA6E-4CEC-92D9-345775B57326}
C:\Users\vicky\AppData\Local\{B690764E-1104-4FB9-A762-52BFECFA60C6}
C:\Users\vicky\AppData\Local\{B7206EEE-451A-42AD-8FAF-2ACA42A0B561}
C:\Users\vicky\AppData\Local\{BA7011EC-0AE3-4B2F-BB01-506CE3AA4313}
C:\Users\vicky\AppData\Local\{BC693746-FBA2-4F9D-A51D-5B9F5F9D6D7C}
C:\Users\vicky\AppData\Local\{BCED5A0D-C99D-44E1-BFE6-58C871D8CE29}
C:\Users\vicky\AppData\Local\{BCFC332F-D682-4B08-8AA9-DFA58AD745FC}
C:\Users\vicky\AppData\Local\{BDB2029E-7697-4BAC-A8A0-AAC1E84B5574}
C:\Users\vicky\AppData\Local\{BE3A80EC-9BC2-4836-AC0A-6C7FCDA13A95}
C:\Users\vicky\AppData\Local\{C1306D69-C12D-4239-86B4-C6E074AA56D3}
C:\Users\vicky\AppData\Local\{C1540795-C504-438A-A053-FFC4DB3C338D}
C:\Users\vicky\AppData\Local\{C162EBBF-AC60-42E1-A642-2FC1A5EE1A02}
C:\Users\vicky\AppData\Local\{C205D8B2-630A-4F11-8B03-D1A02E757926}
C:\Users\vicky\AppData\Local\{C2FF2ECD-C8EA-4364-8F0E-885D1A7B390A}
C:\Users\vicky\AppData\Local\{C4AA1350-E98E-49DF-8A2E-598FCC03D20C}
C:\Users\vicky\AppData\Local\{C515F6D9-53AC-4212-AD65-C943A67BAAB5}
C:\Users\vicky\AppData\Local\{C65DFADF-1FCB-48FB-9E36-4816F40BBCB9}
C:\Users\vicky\AppData\Local\{C6CA562D-17B6-449F-8566-0D3888C8EA33}
C:\Users\vicky\AppData\Local\{C7A53A73-6F76-41E8-B411-0AD275E9D963}
C:\Users\vicky\AppData\Local\{C8644303-F5E0-4D8D-8CA1-F3794918C529}
C:\Users\vicky\AppData\Local\{C8C39078-C089-4F58-8E14-20745C4EEB25}
C:\Users\vicky\AppData\Local\{CB07A370-8482-464A-BB7A-4B62466CA620}
C:\Users\vicky\AppData\Local\{CB5C7E1E-48F5-4CDF-A1A9-DC1C211614B2}
C:\Users\vicky\AppData\Local\{CBABF205-DA60-4738-8E58-CC7C1DEDCF96}
C:\Users\vicky\AppData\Local\{CBB78357-1265-4659-A321-9609134929B0}
C:\Users\vicky\AppData\Local\{CC0CDC54-B747-4117-9A3F-27A058E3BB40}
C:\Users\vicky\AppData\Local\{CC907145-2EB5-4126-8FD9-3826B2447F84}
C:\Users\vicky\AppData\Local\{CCE146F5-5FCD-4817-9687-04D0A41FF40B}
C:\Users\vicky\AppData\Local\{CE30A1D2-63C3-45A1-AAF5-7A2CCA8B406F}
C:\Users\vicky\AppData\Local\{CF717364-80F2-405E-B2DC-AB1DC2856BA1}
C:\Users\vicky\AppData\Local\{D0B466B4-978E-437E-9534-B918E33CF404}
C:\Users\vicky\AppData\Local\{D10BF493-9900-4F93-BF2A-A5DB16003D7A}
C:\Users\vicky\AppData\Local\{D1FA4B76-AEDD-47DE-BF8C-AE6631DA9034}
C:\Users\vicky\AppData\Local\{D21F604F-D83F-443E-8C0E-AB8C0B0DB3B5}
C:\Users\vicky\AppData\Local\{D2885067-FB5D-41F5-B48F-BB868F08A186}
C:\Users\vicky\AppData\Local\{D7AD1FE1-E7D7-44B0-BA60-47885362CDDB}
C:\Users\vicky\AppData\Local\{DB1C531D-770A-416A-ACE9-7C0F66E35AC5}
C:\Users\vicky\AppData\Local\{DB9DCF3C-F98E-4C1F-81A7-980EB0E41797}
C:\Users\vicky\AppData\Local\{DC6F41F7-2A0E-4ADB-B6FA-3AC068F01B89}
C:\Users\vicky\AppData\Local\{DC955844-9A86-4F98-9F34-64F974539EBC}
C:\Users\vicky\AppData\Local\{DC95B7D7-C481-4BA8-9CD9-1BE640155FAF}
C:\Users\vicky\AppData\Local\{DCA5450C-C218-4EF4-80EC-A124925FF0DB}
C:\Users\vicky\AppData\Local\{DCF7AD2F-F85E-4AFF-A302-A21ACBA53D2B}
C:\Users\vicky\AppData\Local\{DD6013C1-45FE-410E-9F33-097A8BD8520C}
C:\Users\vicky\AppData\Local\{E0A3832A-4628-4B85-8571-BAAA737FC9CB}
C:\Users\vicky\AppData\Local\{E0B6F5DA-7B5A-41B9-A3C9-FAD596305724}
C:\Users\vicky\AppData\Local\{E0E3AA9B-5626-422E-A45A-B42C7BBD1DD0}
C:\Users\vicky\AppData\Local\{E148E21F-27CF-458F-8695-DE337C5B0447}
C:\Users\vicky\AppData\Local\{E1C3BD3C-1092-4F0A-B0C7-16FC64533828}
C:\Users\vicky\AppData\Local\{E356FA59-A24D-4B9E-BD7B-7E0666557CD6}
C:\Users\vicky\AppData\Local\{E3E51A71-0239-46CC-87AD-04E41C64FC60}
C:\Users\vicky\AppData\Local\{E77F142A-3889-4C97-9809-59F9A2CAAD2C}
C:\Users\vicky\AppData\Local\{E7DE6E1F-A4F3-4957-934F-9C3AB1BAD1B3}
C:\Users\vicky\AppData\Local\{E896B657-A101-44C5-A370-5E8AD2EDCE1C}
C:\Users\vicky\AppData\Local\{E8BAC6C3-988B-41E4-A7EF-D21FD745501B}
C:\Users\vicky\AppData\Local\{EB1731E5-F6D9-4F46-AB49-9E4029217DCB}
C:\Users\vicky\AppData\Local\{EC65ED21-91A8-4A67-94DA-83C2296A66A1}
C:\Users\vicky\AppData\Local\{EE680734-B876-4C0B-9D8D-5FCF022B5FDE}
C:\Users\vicky\AppData\Local\{EED0C964-74AF-46B2-8829-54D943C4E427}
C:\Users\vicky\AppData\Local\{EF8AC756-7740-4E54-B585-9E6155B03978}
C:\Users\vicky\AppData\Local\{EFB78EDF-6AF5-4139-BEF8-D5BBBD5E6D12}
C:\Users\vicky\AppData\Local\{EFE21566-5DC2-46B1-BF84-33459FC73A18}
C:\Users\vicky\AppData\Local\{F0063EBE-34B3-48E0-BA30-E8D0D5BF9C27}
C:\Users\vicky\AppData\Local\{F13B7CD8-531A-4ED4-836F-B97A299063F8}
C:\Users\vicky\AppData\Local\{F4032E4E-0316-4EBA-AFDF-3B41643756B7}
C:\Users\vicky\AppData\Local\{F4538D30-A159-43D6-A33C-12292732F070}
C:\Users\vicky\AppData\Local\{F567870A-3609-4B68-84FE-1D82509E6ABD}
C:\Users\vicky\AppData\Local\{F59AFCDB-FB66-4306-8B57-9A5BB2A6A8F8}
C:\Users\vicky\AppData\Local\{F5AAF826-4667-457B-993A-D6F4EF4EF85D}
C:\Users\vicky\AppData\Local\{F5DCD36A-CE96-4A1D-B68C-34839E5DA7A0}
C:\Users\vicky\AppData\Local\{F839C8E2-4D96-46BA-A3A9-16326AA4D4F7}
C:\Users\vicky\AppData\Local\{F84ACB17-8E4F-4543-869B-EE277C2CA3E7}
C:\Users\vicky\AppData\Local\{F88270F3-DF5B-4084-B8B3-A65053115DAC}
C:\Users\vicky\AppData\Local\{FD46DB9B-667A-49C6-80D3-B2CAE72605B9}
C:\Users\vicky\AppData\Local\{FD7D163D-708E-4F98-86AF-8612C2CB155C}
Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.txt on your desktop.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.

This will launch ComboFix.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Allow ComboFix to update itself if prompted.
When ComboFix finishes, a log will be produced at C:\ComboFix.txt
Attach this log to your next message. (How to attach)

Quote:
Originally Posted by BaggedCat View Post
Windows Update still not updating code 80096001
Try using the automated troubleshooter from this link: http://support.microsoft.com/kb/971058
Try "Aggressive Mode" if it is available.

If it works, reinstall MSE and then run the below:
If it did not work, do not install MSE just yet, but proceed with the below:

Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #12  
Old 12-24-11, 17:32
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Used combofix with new script. log attached.

Microsoft FixIt troubleshooter:-
no aggressive mode option.
Msg after completed:-
"Windows Update components configured incorrectly - fixed"
Msg. "No problems need attention."

Windows Update still doesn't work. same error 80096001

new MGlogs attached
Attached Files
File Type: txt ComboFixLog.txt (31.3 KB, 3 views)
File Type: zip MGlogs.zip (366.1 KB, 6 views)
Reply With Quote
  #13  
Old 12-24-11, 18:56
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

new info:-
while in the drop down tabs on the right in Security Centre gave a not so helpful

"Security Centre Can't turn on Windows Defender. Please try again later."

clicking Windows Defender in the left pane of Security Centre gave a more helpful message with a code.

"Windows Defender
Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service."
Reply With Quote
  #14  
Old 12-24-11, 19:21
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Are you able to click the "Check for Updates" button?

I'm trying to find out when exactly do you receive that error message.

Edit: Did not see your last message. Go ahead and answer mine and I will review your latest message.
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #15  
Old 12-24-11, 19:31
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

hi,
i can see the 'check for updates' button.
when i click it it does a green loading bar for about 2 seconds then i get the failed error. pic attached
Attached Images
File Type: jpg Windows update.jpg (94.1 KB, 6 views)
File Type: jpg WUError.jpg (97.7 KB, 6 views)
Reply With Quote
Sponsored links
  #16  
Old 12-24-11, 19:49
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

I am attaching a register.zip to this message.

Inside of it is:
register.bat

Extract register.bat to your desktop.
Right-mouse click it once and select "Run as Administrator".
When it's done, Notepad (log.txt) should have opened.
Close Notepad and attach log.txt to your next message. (it should be on your desktop)

Then reboot your PC and retry Windows Update.
Attached Files
File Type: zip register.zip (655 Bytes, 9 views)
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #17  
Old 12-24-11, 20:15
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

the log.txt says:
[SC] SetServiceObjectSecurity SUCCESS

the Notepad that opened says:
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

after reboot, Windows Update still gave same error.
Attached Files
File Type: txt log.txt (39 Bytes, 3 views)
Reply With Quote
  #18  
Old 12-24-11, 20:31
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

I am uploading MicrosoftFixit50202.zip

Inside of it is MicrosoftFixit50202.msi
Extract MicrosoftFixit50202.msi to your desktop.

When asked which mode would you like to proceed in -- Choose "Aggressive".
Let this run and then reboot for changes to occur.

Then retry Windows Update.
Attached Files
File Type: zip MicrosoftFixit50202.zip (189.6 KB, 26 views)
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #19  
Old 12-24-11, 20:41
thisisu's Avatar
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,179
Thanks: 270
Thanked 1,437 Times in 1,356 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Quote:
Originally Posted by BaggedCat View Post
new info:-
while in the drop down tabs on the right in Security Centre gave a not so helpful

"Security Centre Can't turn on Windows Defender. Please try again later."

clicking Windows Defender in the left pane of Security Centre gave a more helpful message with a code.

"Windows Defender
Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service."
The Windows Defender service is gone according to your logs.

This is becoming a common occurrence now with today's malware infections.
We are seeing more and more services get completely deleted from compromised systems.

The Windows Defender is not a big loss if we can get MSE to work as MSE would have disabled Windows Defender anyway (they both would not run together).

Your Windows Update service appears to be in tact still and the logs report that it is running properly.
__________________________________________________

After you have attempted MicrosoftFixit50202.msi, try reinstalling MSE and let me know how that goes.
__________________
Facebook . Twitter . Blog . VirusTotal
Reply With Quote
  #20  
Old 12-24-11, 21:15
BaggedCat BaggedCat is offline
Private E-2
 
Join Date: Dec 2011
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: 0Access remnants? 0x80096001 MSE+Windows update fail

Same error still occurs with Windows Update after running MicrosoftFixit50202.msi in aggressive mode and restarting.

After installing MSE it auto updated and autoscanned.
The system tray icon is green and says Protected.

However if i click update again it gives an error. pic attached.
'Virus and spyware definitions - connection failed'

I'll have to leave it tonight. big day tomorrow, going to get some sleep. have a nice christmas!
Attached Images
File Type: jpg MSE.jpg (99.2 KB, 7 views)
Reply With Quote
Sponsored links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Update Fail [Error number: 0x80070424] superdan Malware Removal 1 09-02-11 23:00
Update FAIL - As Per TOO Often?!? grc123 Software 6 05-16-11 23:13
antivirus and windows update FAIL tvrb Software 8 06-01-10 01:10
DNS changer virus - fail to update antivirus or windows updates murariua Malware Removal 3 04-30-09 02:08
Windows update show up as o kb and fail to install Treetops Software 2 06-18-08 19:58


All times are GMT -5. The time now is 19:03.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger