
PUM.UserWLoad and Trojan.Ransom keep coming back


chuck95


Hi, thanks in advance...

Last week I clicked on a link in an e-mail, and Malwarebytes Pro popped up in the corner. I think it said it blocked a malicious site, but I'm not sure. Anyway, all seemed fine until a day or two later, my Yahoo Mail account suddenly e-mailed everyone in my address book.

I ran Malwarebytes several times, but PUM.UserWLoad and Trojan.Ransom keep coming back.

I also ran MS Security Essentials, Spybot S&D, Ad-Aware and TDSSKiller. Nothing seems to remove these. I can't honestly say I see any symptoms. The computer's running OK, but it makes me nervous that I'm not secure.

I also attached the TDSSKiller log in case that's the next step. (No malicious objects were found.)

I was hoping buying the Pro version of Malwarebytes would have better protected me. :(

But I guess there's no perfect solution.

Thanks very much for your help!


Hello Chuck95 and welcome to the Malwarebytes forums.

Please stop self-medicating. Do not run other tools on your own.

Moderator note: Please always copy all contents of the log(s) and paste them directly into the main body of your reply.

Do NOT use the attach option unless I ask you to. Re-post all your logs, but this time directly into the reply box.


Sorry, I ran those other tools before I found this forum.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by STUDIO 1749 USER at 9:58:51 on 2012-12-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1711 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\ProgramData\Rpcnet\Bin\rpcld.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

C:\Program Files (x86)\7 Taskbar Tweaker x64.exe

C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = Preserve

uProxyServer = 192.168.2.254:8000

uWindows: Load = C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat

mWinlogon: Userinit = userinit.exe,

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer

uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

uRun: [7 Taskbar Tweaker] "C:\Program Files (x86)\7 Taskbar Tweaker x64.exe" -hidewnd

uRun: [AdobeBridge] <no file>

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

StartupFolder: C:\Users\STUDIO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOB~1.LNK - C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{395407CF-51B4-414C-A348-7D5860F75EA1} : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{399C0671-C966-4443-9360-D2EE5292A459} : DHCPNameServer = 10.232.17.240 10.232.17.241

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\14E64627F69646455647865627 : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\348696C6462756E63725F6F6D6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\445637D6F6E64664963786C4962627162797 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\76F6563786 : DHCPNameServer = 4.2.2.1

TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\8686F6E6F62737 : DHCPNameServer = 107.16.250.1 64.134.255.2 64.134.255.10

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\View22\Version 3.10.50\NPView22.dll

FF - plugin: C:\Users\STUDIO 1749 USER\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-21 14456]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-19 55280]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-9-2 1477728]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-31 89600]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-9-2 2480048]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-4 676936]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-5-31 23912]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-9-2 251488]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-19 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-19 172704]

R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-12-26 20752]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-19 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-31 158976]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-4 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-5-31 74272]

R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-10-21 15360]

R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-10-21 17920]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 kmttg;kmttg;C:\kmttg v0p8u\service\win32\bin\wrapper.exe [2012-9-3 217088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-5-4 36328]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216]

S3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2010-10-31 7959552]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-5-4 125416]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-5-4 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-5-4 159208]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-4 59392]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-24 1255736]

S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-5-17 1104656]

.

=============== Created Last 30 ================

.

2012-12-22 23:21:35 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDDBE44B-1ABE-43BF-B7D1-0E5501C670B1}\mpengine.dll

2012-12-22 04:22:57 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Roaming\LavasoftStatistics

2012-12-22 04:22:48 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Local\Downloaded Installations

2012-12-22 04:22:40 47496 ----a-w- C:\Windows\System32\sbbd.exe

2012-12-22 04:22:40 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2012-12-22 04:22:25 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Local\adawarebp

2012-12-22 04:22:25 -------- d-----w- C:\ProgramData\blekko toolbars

2012-12-22 04:22:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

2012-12-22 04:22:16 -------- d-----w- C:\Program Files (x86)\adawaretb

2012-12-22 04:22:14 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2012-12-22 04:21:19 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Roaming\Ad-Aware Antivirus

2012-12-22 03:47:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-12-22 03:47:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-12-21 21:38:54 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-21 21:01:58 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 21:01:58 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 21:01:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 21:01:57 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-20 04:54:21 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-12 13:11:19 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-12 13:11:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-12 13:11:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-12 13:09:27 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-12 13:09:26 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-28 11:53:25 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67B6F50D-1C15-4EBC-9999-AABE5497813B}\gapaengine.dll

.

==================== Find3M ====================

.

2012-12-23 14:43:52 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2012-12-23 04:49:35 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2012-12-12 03:58:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 03:58:41 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2010-03-20 21:45:43 75264 ----a-w- C:\Program Files (x86)\7 Taskbar Tweaker x64.exe

.

============= FINISH: 10:02:23.73 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/23/2010 8:14:51 PM

System Uptime: 12/23/2012 9:39:03 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0KVMW2

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | U2E1 | 2400/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 41.947 GiB free.

D: is FIXED (NTFS) - 445 GiB total, 108.463 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 20 GiB total, 14.818 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&72E777F&0&FCA13E998C44_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&72E777F&0&FCA13E998C44_C00000000

Service:

.

==== System Restore Points ===================

.

RP501: 12/21/2012 12:57:44 PM - Scheduled Checkpoint

RP502: 12/21/2012 4:00:30 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Acronis True Image Home

Ad-Aware Browsing Protection

Add or Remove Adobe Premiere Pro CS5

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Control Center

Audacity 1.3.13 (Unicode)

Bonjour

Canon Inkjet Printer Driver Add-On Module

Canon iP2700 series Printer Driver

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

DVDFab 7.0.9.3 (08/08/2010)

DVDFab 8.1.1.2 (08/08/2011) Qt

EasyTether

Foxit Reader

Google Chrome

GoToAssist 8.0.0.514

Intel® Management Engine Components

Intel® Turbo Boost Technology Driver

Intel® Turbo Boost Technology Monitor

Internet Explorer (Enable DEP)

InterVideo WinDVD Platinum 5

IrfanView (remove only)

iTunes

Java 7 Update 10

Java Auto Updater

JavaFX 2.1.1

JumpStart Toddlers v1.4

Junk Mail filter update

LAME v3.98.3 for Audacity

LeapFrog Connect

LeapFrog Tag Plugin

LimeWire 5.5.10

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Miss Spider

Mozilla Firefox 16.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

PdaNet for Android 2.45

PDF Settings CS5

PowerDVD DX

PxMergeModule

QPST

Quickset64

QuickTime

QuickTime MPEG2

Roxio Burn

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Skins

Skype Toolbars

Skype™ 5.10

Spybot - Search & Destroy

Synaptics Pointing Device Driver

TiVo Desktop 2.8.1

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnyiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnyiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

VideoBrowser

View22

VLC media player 2.0.4

WIDCOMM Bluetooth Software

WildTangent Games

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

12/23/2012 9:43:53 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

12/22/2012 11:49:41 PM, Error: Service Control Manager [7034] - The kmttg service terminated unexpectedly. It has done this 1 time(s).

12/21/2012 11:28:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2012 11:25:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2396.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

12/21/2012 11:25:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/21/2012 11:22:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/21/2012 10:45:34 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2012 10:45:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

12/21/2012 10:45:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/21/2012 10:43:50 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2012 10:43:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/21/2012 10:43:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/21/2012 10:43:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/21/2012 10:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/21/2012 10:43:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

12/21/2012 10:43:32 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2012 5:19:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2241.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/20/2012 10:22:36 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

12/19/2012 8:12:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/19/2012 4:27:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/18/2012 4:25:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.

.

==== End Of File ===========================


Your logs showed some peer-to-peer filesharing apps: µTorrent

Uninstall it and confirm that for me, before we go much further.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700


  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
    On Windows 7, press Windows-key, then start typing in text box
    Malwarebytes

    then select/click Malwarebytes Anti-Malware Chameleon

  2. Once the Help file opens, click on a Chameleon button (starting with #1)
  3. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  4. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. at the top
  5. Press any key to continue as it says in the window {space-bar will do}
  6. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  7. Have infinite patience during this process
  8. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  9. Once the update completes and it says your database is updated, click on OK button so that process can continue
  10. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  11. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  12. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  13. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  14. If prompted to restart your computer to complete the removal process, click Yes
  15. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  16. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Edited by Maurice Naggar

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 5

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


# AdwCleaner v2.102 - Logfile created 12/24/2012 at 09:20:32

# Updated 23/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : STUDIO 1749 USER - STUDIO1749USER

# Boot Mode : Normal

# Running from : C:\Users\STUDIO 1749 USER\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\blekko toolbars

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\STUDIO 1749 USER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1034 octets] - [24/12/2012 09:13:53]

AdwCleaner[R2].txt - [967 octets] - [24/12/2012 09:20:32]

########## EOF - C:\AdwCleaner[R2].txt - [1026 octets] ##########

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : STUDIO 1749 USER [Admin rights]

Mode : Scan -- Date : 12/24/2012 09:23:31

¤¤¤ Bad processes : 4 ¤¤¤

[sUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

[sUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]

[sUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]

[sUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 24 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : pwbpoxobfwfdkhf (C:\ProgramData\pwbpoxob.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : pwbpoxobfwfdkhf (C:\ProgramData\pwbpoxob.exe) -> FOUND

[sHELL][Rans.Gendarm] HKCU\[...]\Windows : Load (C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat) -> FOUND

[sHELL][Rans.Gendarm] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Windows : Load (C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.2.254:8000) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[RUN][sUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : TivoServer ("C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND

[RUN][sUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : TivoNotify ("C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND

[RUN][sUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : SansaDispatch (C:\Users\STUDIO 17 USER\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\Users\Default\NTUSER.DAT

-> D:\Users\Default User\NTUSER.DAT

-> D:\Users\STUDIO 17 USER\NTUSER.DAT

-> D:\Documents and Settings\Default\NTUSER.DAT

-> D:\Documents and Settings\Default User\NTUSER.DAT

-> D:\Documents and Settings\Public\NTUSER.DAT

-> F:\windows\system32\config\SOFTWARE

-> F:\Users\Default\NTUSER.DAT

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 125.252.224.90

127.0.0.1 125.252.224.91

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 ATA Device +++++

--- User ---

[MBR] 90271bd8217af070cdd2cb67018af756

[bSP] 2a18152218ba91fda598b92c2cff6f6c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 282 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 578340 | Size: 20473 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 42507990 | Size: 456181 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK5056GSY ATA Device +++++

--- User ---

[MBR] bcb686814fdc30aa060173c27d4b6c4b

[bSP] c431e656f43b24d2b9fe5f6b3c893c12 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12242012_02d0923.txt >>

RKreport[1]_S_12242012_02d0923.txt

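The "Registry Entries" section of the RogueKiller report in the post above mixes lines that carry a detection name with lines flagged only by a path heuristic. The following Python script is an added example, not part of the original thread and not RogueKiller's own logic: it parses a few lines copied from that report and ranks them for review; the scoring weights, the directory hints and the reading of the second tag as the reason for flagging are assumptions made for illustration.

```python
import re
from ntpath import dirname  # Windows path rules, usable on any OS

# Lines copied verbatim from the RogueKiller report posted above.
REPORT = r"""
[RUN][sUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : pwbpoxobfwfdkhf (C:\ProgramData\pwbpoxob.exe) -> FOUND
[sHELL][Rans.Gendarm] HKCU\[...]\Windows : Load (C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.2.254:8000) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[RUN][sUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : TivoNotify ("C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND
"""

ENTRY = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"        # e.g. [RUN][sUSP PATH]
    r"(?:\[ON_(?P<offline>[^\]]+)\])?"       # optional marker for a hive on another drive
    r"(?P<key>.+?) : (?P<name>\S+) "         # elided key path and value name
    r"\((?P<data>.*)\) -> (?P<status>\w+)$"  # value data (may contain parentheses)
)
TAG = re.compile(r"\[([^\]]+)\]")
# First executable or script path in the value data, quoted or not.
PROGRAM = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|bat|cmd|com|scr|vbs|js))\b', re.I)

AUTOSTART_TYPES = {"RUN", "SHELL"}   # entry types that start a program at logon
GENERIC_TAGS = {"SUSP PATH"}         # heuristic tag, not a detection name
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
WRITABLE_HINTS = ("\\temp\\", "\\appdata\\")  # assumption: typical user-writable dirs


def parse(report):
    """Turn each registry line into a dict; lines that do not match are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        tags = TAG.findall(m["tags"])
        prog = PROGRAM.match(m["data"])
        entries.append({
            # Tags are compared case-insensitively: the pasted log has
            # "sUSP PATH" and "sHELL" with a lower-cased first letter.
            "type": tags[0].upper(),
            "family": next((t for t in tags[1:] if t.upper() not in GENERIC_TAGS), None),
            "offline_hive": m["offline"],
            "key": m["key"],
            "name": m["name"],
            "data": m["data"],
            "program": prog.group(1) if prog else None,
        })
    return entries


def score(entry):
    """Return (points, reasons). The weights are illustrative assumptions."""
    points, why = 0, []
    if entry["family"]:
        points += 3
        why.append("tagged with detection name " + entry["family"])
    if entry["type"] in AUTOSTART_TYPES and entry["program"]:
        path = entry["program"].lower()
        in_writable = any(h in path for h in WRITABLE_HINTS)
        if in_writable or dirname(path) == "c:\\programdata":
            points += 2
            why.append("autostart program in a user-writable directory")
        if path.endswith(SCRIPT_EXT):
            points += 1
            why.append("autostart target is a script")
    return points, why


def triage(report):
    """Entries sorted most-suspicious first, each with its score and reasons."""
    rows = []
    for entry in parse(report):
        points, why = score(entry)
        rows.append({**entry, "score": points, "why": why})
    return sorted(rows, key=lambda r: -r["score"])  # stable: ties keep log order


if __name__ == "__main__":
    for r in triage(REPORT):
        print(r["score"], r["type"], r["name"], r["program"] or r["data"],
              "; ".join(r["why"]))
```
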

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

NEXT:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member chuck95 only. If you are a casual viewer, do NOT try this on your system!

If you are not chuck95 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


Thank you Maurice. Malwarebytes reports no malicious objects detected now.

So, these steps seem to have worked, though I wish combofix hadn't deleted my WinDV software without asking first. I've been using that for years without a problem. No big deal though. I can re-download it.

Do you recommend any other software I should be running to keep safe from Malware and viruses, other than my current Malwarebytes Pro and MS Security Essentials?

Wish I hadn't clicked that e-mail link. I usually don't fall for such things!

Thanks again,

Chuck

---------------------------------------------------------------

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 10:57:23

# Updated 23/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : STUDIO 1749 USER - STUDIO1749USER

# Boot Mode : Normal

# Running from : C:\Users\STUDIO 1749 USER\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\STUDIO 1749 USER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1034 octets] - [24/12/2012 09:13:53]

AdwCleaner[R2].txt - [1095 octets] - [24/12/2012 09:20:32]

AdwCleaner[s2].txt - [1029 octets] - [24/12/2012 10:57:23]

########## EOF - C:\AdwCleaner[s2].txt - [1089 octets] ##########

ComboFix 12-12-23.01 - STUDIO 1749 USER 12/24/2012 11:09:52.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2232 [GMT -5:00]

Running from: c:\users\STUDIO 1749 USER\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\WinDV

c:\program files (x86)\WinDV\Readme.txt

c:\program files (x86)\WinDV\WinDV.exe

c:\programdata\LoJackNotifier.txt

c:\users\STUDIO 1749 USER\AppData\Local\Temp\stt9194.tmp

c:\users\STUDIO 1749 USER\AppData\Roaming\inst.exe

c:\users\STUDIO 1749 USER\AppData\Roaming\STUDIO 1749 USER3SQLite3.dll

c:\users\STUDIO 1749 USER\AppData\Roaming\STUDIO 1749 USERlog.dat

c:\users\STUDIO 1749 USER\AppData\Roaming\Windir

c:\users\STUDIO~1\AppData\Local\Temp\stt9194.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))

.

.

2012-12-24 16:21 . 2012-12-24 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-24 14:52 . 2012-12-24 14:52 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\Amazon

2012-12-24 14:50 . 2012-12-24 14:50 -------- d-----w- c:\program files (x86)\Amazon

2012-12-24 14:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E05B5761-18B9-4AEE-88ED-34B5B2C5729F}\mpengine.dll

2012-12-24 14:00 . 2012-12-24 14:00 -------- d-----w- c:\program files (x86)\ERUNT

2012-12-22 23:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\LavasoftStatistics

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Local\Downloaded Installations

2012-12-22 04:22 . 2012-12-22 04:22 47496 ----a-w- c:\windows\system32\sbbd.exe

2012-12-22 04:22 . 2012-12-22 04:22 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Local\adawarebp

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\program files (x86)\adawaretb

2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-12-22 04:21 . 2012-12-22 04:21 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\Ad-Aware Antivirus

2012-12-22 03:47 . 2012-12-22 04:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-12-22 03:47 . 2012-12-22 03:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-12-21 21:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-20 04:54 . 2012-11-28 15:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-12 13:11 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 13:11 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 13:11 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 13:09 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 13:09 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-01 05:05 . 2012-12-01 05:07 -------- d-----w- c:\users\TEMP

2012-11-28 11:53 . 2012-11-28 11:53 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67B6F50D-1C15-4EBC-9999-AABE5497813B}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-24 15:59 . 2010-09-28 20:30 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-12-24 15:59 . 2010-09-22 02:26 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-12-12 13:14 . 2010-08-19 01:01 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-12 03:58 . 2012-08-07 01:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 03:58 . 2012-08-07 01:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-16 08:38 . 2012-12-01 04:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-01 04:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-01 04:34 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 12:00 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 12:00 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 12:00 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 12:00 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 13:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 12:00 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 12:00 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 12:00 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 12:00 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 12:00 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 12:00 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 12:00 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 12:00 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 12:00 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 12:00 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 12:00 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-29 23:54 . 2012-01-05 04:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 03:04 . 2011-03-25 11:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-25 22:47 . 2012-11-15 11:59 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-15 11:59 95744 ----a-w- c:\windows\system32\synceng.dll

2010-03-20 21:45 . 2010-08-04 23:57 75264 ----a-w- c:\program files (x86)\7 Taskbar Tweaker x64.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-05-17 2264336]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-05-17 608016]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-05-17 437520]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-05-17 855824]

"7 Taskbar Tweaker"="c:\program files (x86)\7 Taskbar Tweaker x64.exe" [2010-03-20 75264]

"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]

.

c:\users\STUDIO 1749 USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-10-21 473616]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]

VideoBrowser Camera Monitor.lnk - c:\program files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe [2012-1-22 636272]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 kmttg;kmttg;c:\kmttg v0p8u\service\win32\bin\wrapper.exe [2012-09-12 217088]

R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]

R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [2010-10-18 7959552]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-24 1255736]

R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-05-17 1104656]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-22 14456]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-09-03 1477728]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-09-03 2480048]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-09-03 251488]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2011-05-22 20752]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-11 82816]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:58]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56501780-2295284688-1635959401-1001Core.job

- c:\users\STUDIO 1749 USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:21]

.

2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56501780-2295284688-1635959401-1001UA.job

- c:\users\STUDIO 1749 USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 192.168.2.254:8000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-pwbpoxobfwfdkhf - c:\programdata\pwbpoxob.exe

SafeBoot-94851791.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-24 11:36:13

ComboFix-quarantined-files.txt 2012-12-24 16:36

.

Pre-Run: 44,780,724,224 bytes free

Post-Run: 44,543,275,008 bytes free

.

- - End Of File - - D80748B31BBCCF217FB69CBB5612E0AA


Chuck95,

So, these steps seem to have worked, though I wish combofix hadn't deleted my WinDV software without asking first. I've been using that for years without a problem. No big deal though. I can re-download it.

If you have not already re-downloaded & set up WinDV, we can retrieve it (get it back) from the ComboFix quarantine.

Let me know what you have done.


Print out this section or even save it to your PC, for easy offline reference.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:

 
DEQUARANTINE::
C:/Qoobox/quarantine/C/program files (x86)/WinDV.vir
C:/Qoobox/quarantine/C/program files (x86)/WinDV/Readme.txt.vir
C:/Qoobox/quarantine/C/program files (x86)/WinDV/Windv.exe.vir
QUIT::

Open a new Notepad session (do not use a Word Processor or WordPad).

Click "Format" and be certain that Word Wrap is not enabled.

Right-click | Paste the Code box contents from above into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon (red lion) as shown:

CFScriptB-4.gif

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Please wait for ComboFix to finish running

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.

After you have completed the above, please let me know if the Windv has been restored.


You are strongly advised to do the following immediately to counter possibility of identity theft.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. Change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 3

Turn off your antivirus so that it does not interfere. Leave your firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

Re-enable your antivirus.

NEXT:

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


OK, in aswMBR, the fix button was NOT enabled.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-26 17:29:09

-----------------------------

17:29:09.231 OS Version: Windows x64 6.1.7601 Service Pack 1

17:29:09.231 Number of processors: 4 586 0x2502

17:29:09.231 ComputerName: STUDIO1749USER UserName:

17:29:13.786 Initialize success

17:29:59.124 AVAST engine defs: 12122601

17:30:24.302 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

17:30:24.302 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC70E Size: 476940MB BusType: 11

17:30:24.318 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0

17:30:24.318 Disk 1 Vendor: TOSHIBA_MK5056GSY LH003D Size: 476940MB BusType: 11

17:30:24.333 Disk 1 MBR read successfully

17:30:24.333 Disk 1 MBR scan

17:30:24.349 Disk 1 Windows VISTA default MBR code

17:30:24.349 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

17:30:24.396 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

17:30:24.443 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920

17:30:24.458 Disk 1 scanning C:\Windows\system32\drivers

17:30:42.367 Service scanning

17:31:26.359 Modules scanning

17:31:26.375 Scan finished successfully

17:40:54.169 Disk 1 MBR has been saved successfully to "C:\Users\STUDIO 1749 USER\Desktop\MBR.dat"

17:40:54.185 The log file has been saved successfully to "C:\Users\STUDIO 1749 USER\Desktop\aswMBR.txt"

F-secure - as you'll see, 2 viruses were not cleaned

Scanning Report

Wednesday, December 26, 2012 18:08:09 - 21:09:40

Computer name: STUDIO1749USER

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\ F:\ Q:\

26 malware found

TrackingCookie.Questionmarket (spyware)

  • System (Disinfected)

TrackingCookie.Adinterax (spyware)

  • System (Disinfected)

TrackingCookie.2o7 (spyware)

  • System (Disinfected)

TrackingCookie.Advertising (spyware)

  • System (Disinfected)

TrackingCookie.Adtech (spyware)

  • System (Disinfected)

TrackingCookie.Adform (spyware)

  • System (Disinfected)

TrackingCookie.Doubleclick (spyware)

  • System (Disinfected)

TrackingCookie.Revsci (spyware)

  • System (Disinfected)

TrackingCookie.WebTrendsLive (spyware)

  • System (Disinfected)

TrackingCookie.Clickbank (spyware)

  • System (Disinfected)

TrackingCookie.Fastclick (spyware)

  • System (Disinfected)

TrackingCookie.Mookie (spyware)

  • System (Disinfected)

TrackingCookie.Adbrite (spyware)

  • System (Disinfected)

TrackingCookie.Xiti (spyware)

  • System (Disinfected)

TrackingCookie.Webtrends (spyware)

  • System (Disinfected)

TrackingCookie.Mediaplex (spyware)

  • System (Disinfected)

TrackingCookie.Liveperson (spyware)

  • System (Disinfected)

TrackingCookie.Tradedoubler (spyware)

  • System (Disinfected)

TrackingCookie.Statcounter (spyware)

  • System (Disinfected)

TrackingCookie.Atwola (spyware)

  • System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

  • System (Disinfected)

Gen:Variant.Barys.8550 (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18ee05f9-53514a8f (Renamed)

Java.Trojan.Agent.C (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27\encode\Unicode.class (Not cleaned)

Java.Trojan.Agent.C (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27 (Renamed)

Exploit:Java/CVE-2012-4681.H (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f\Ini.class (Not cleaned)

Exploit:Java/CVE-2012-4681.H (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f (Renamed)

Statistics

Scanned:

  • Files: 832683
  • System: 6429
  • Not scanned: 4251

Actions:

  • Disinfected: 21
  • Renamed: 3
  • Deleted: 0
  • Not cleaned: 2
  • Submitted: 0

Files not scanned:

  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\IMPSERVICEEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.LOCK
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.67
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.7E
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.80
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.A0
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.87
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.VE0
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.VE1
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPCACHE-B094ABD4D62D5A9143D4C25217BDB805341E7207.BIN.VF
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN
  • C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\SFTFS.FSD
  • C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\SFTFS.FSG
    NOTE: The rest of the list of "files not scanned" was extremely long. I tried splitting it 5 ways, but it's still too long. Everything I left out had to do with Adobe files, which have been on the computer for years, so hopefully they're not relevant.

Options

Scanning engines:

Scanning options:

  • Scan all files
  • Scan inside archives
  • Use advanced heuristics

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.1

Java 7 Update 10

Java version out of Date!

Adobe Flash Player 11.5.502.135

Mozilla Firefox 16.0.1 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

By the way, I don't know why Java would be out of date. I had to reinstall it today to get the F-secure online scanner to work.

And it would only work in Chrome, not in IE.


Good results. Next, a small bit of cleanup.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.

  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: STUDIO 1749 USER

->Temp folder emptied: 631752919 bytes

->Temporary Internet Files folder emptied: 2075541262 bytes

->Java cache emptied: 12212883 bytes

->FireFox cache emptied: 704201432 bytes

->Google Chrome cache emptied: 267908996 bytes

->Flash cache emptied: 88685 bytes

User: TEMP

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 129728 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28902 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045734 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 2019 bytes

Total Files Cleaned = 3,555.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: STUDIO 1749 USER

->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: STUDIO 1749 USER

->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12272012_103630

Files\Folders moved on Reboot...

C:\Users\STUDIO 1749 USER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\STUDIO 1749 USER\AppData\Local\Temp\sttDE9B.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Maurice, in the previous F-Secure scan, should we be concerned about these lines of the report?

Java.Trojan.Agent.C (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27\encode\Unicode.class (Not cleaned)

Exploit:Java/CVE-2012-4681.H (virus)

  • C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f\Ini.class (Not cleaned)


Oh, and I noticed my eject button no longer works (it's a Dell Studio 1749 laptop)

Also, the volume buttons do work, but the display that shows the volume level on the screen doesn't.

You'll need to get help (later) on the PC Help forum http://forums.malwarebytes.org/index.php?showforum=6 *after* we are done with this thread. The things you mention are not malware related.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


The system seems good.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

STUDIO 1749 USER :: STUDIO1749USER [administrator]

Protection: Enabled

12/28/2012 11:22:44 PM

mbam-log-2012-12-28 (23-22-44).txt

Scan type: Full scan (C:\|F:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 459191

Time elapsed: 1 hour(s), 2 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\STUDIO 1749 USER\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

TDSSKILLER.exe

Adwcleaner.exe

RogueKiller.exe

aswMBR.exe

SecurityCheck.exe

You may use Control Panel >> Programs and Features and uninstall F-Secure Online scan.

Safer practices & malware prevention

We are finished here. Best regards.
