chuck95

  1. OK, uninstalled ComboFix (had to use DOS cd command to change directories for some reason). Cleaned up with OTC, deleted the other files, and uninstalled F-Secure. I do have a hardware router. I'm going to look into configuring a standard account. That sounds like a good idea. Can one be created based on everything I already have in my current account (programs, desktop, etc.)? I'll google that, or if you know of a link describing the process, I'd appreciate it. Windows Update is set to automatic. I used Secunia and updated QuickTime and Firefox. Now running Spyware Blaster. Copied Burgess' info into my hosts file. I have Acronis True Image. I just have to run it more often!! Installed WOT. Many thanks for your help.
  2. The system seems good.

     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org

     Database version: v2012.12.29.02

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     STUDIO 1749 USER :: STUDIO1749USER [administrator]

     Protection: Enabled

     12/28/2012 11:22:44 PM
     mbam-log-2012-12-28 (23-22-44).txt

     Scan type: Full scan (C:\|F:\|Q:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 459191
     Time elapsed: 1 hour(s), 2 minute(s), 12 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. Oh, and I noticed my eject button no longer works (it's a Dell Studio 1749 laptop). Also, the volume buttons do work, but the display that shows the volume level on the screen doesn't.
  4. All processes killed
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 56475 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     User: STUDIO 1749 USER
     ->Temp folder emptied: 631752919 bytes
     ->Temporary Internet Files folder emptied: 2075541262 bytes
     ->Java cache emptied: 12212883 bytes
     ->FireFox cache emptied: 704201432 bytes
     ->Google Chrome cache emptied: 267908996 bytes
     ->Flash cache emptied: 88685 bytes

     User: TEMP
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 129728 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 28902 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045734 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
     RecycleBin emptied: 2019 bytes

     Total Files Cleaned = 3,555.00 mb

     Restore point Set: OTL Restore Point

     [EMPTYFLASH]

     User: All Users

     User: Default
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Flash cache emptied: 0 bytes

     User: Public

     User: STUDIO 1749 USER
     ->Flash cache emptied: 0 bytes

     User: TEMP

     Total Flash Files Cleaned = 0.00 mb

     [EMPTYJAVA]

     User: All Users

     User: Default

     User: Default User

     User: Public

     User: STUDIO 1749 USER
     ->Java cache emptied: 0 bytes

     User: TEMP

     Total Java Files Cleaned = 0.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 12272012_103630

     Files\Folders moved on Reboot...
     C:\Users\STUDIO 1749 USER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File\Folder C:\Users\STUDIO 1749 USER\AppData\Local\Temp\sttDE9B.tmp not found!

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...

     Maurice, in the previous F-Secure scan, should we be concerned about these lines of the report?

     Java.Trojan.Agent.C (virus)
     C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27\encode\Unicode.class (Not cleaned)

     Exploit:Java/CVE-2012-4681.H (virus)
     C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f\Ini.class (Not cleaned)
  5. OK, in aswMBR, the fix button was NOT enabled.

     aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2012-12-26 17:29:09
     -----------------------------
     17:29:09.231 OS Version: Windows x64 6.1.7601 Service Pack 1
     17:29:09.231 Number of processors: 4 586 0x2502
     17:29:09.231 ComputerName: STUDIO1749USER UserName:
     17:29:13.786 Initialize success
     17:29:59.124 AVAST engine defs: 12122601
     17:30:24.302 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
     17:30:24.302 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC70E Size: 476940MB BusType: 11
     17:30:24.318 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
     17:30:24.318 Disk 1 Vendor: TOSHIBA_MK5056GSY LH003D Size: 476940MB BusType: 11
     17:30:24.333 Disk 1 MBR read successfully
     17:30:24.333 Disk 1 MBR scan
     17:30:24.349 Disk 1 Windows VISTA default MBR code
     17:30:24.349 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
     17:30:24.396 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
     17:30:24.443 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
     17:30:24.458 Disk 1 scanning C:\Windows\system32\drivers
     17:30:42.367 Service scanning
     17:31:26.359 Modules scanning
     17:31:26.375 Scan finished successfully
     17:40:54.169 Disk 1 MBR has been saved successfully to "C:\Users\STUDIO 1749 USER\Desktop\MBR.dat"
     17:40:54.185 The log file has been saved successfully to "C:\Users\STUDIO 1749 USER\Desktop\aswMBR.txt"

     F-Secure - as you'll see, 2 viruses were not cleaned

     Scanning Report
     Wednesday, December 26, 2012 18:08:09 - 21:09:40
     Computer name: STUDIO1749USER
     Scanning type: Scan system for malware, spyware and rootkits
     Target: C:\ D:\ F:\ Q:\

     26 malware found
     TrackingCookie.Questionmarket (spyware) System (Disinfected)
     TrackingCookie.Adinterax (spyware) System (Disinfected)
     TrackingCookie.2o7 (spyware) System (Disinfected)
     TrackingCookie.Advertising (spyware) System (Disinfected)
     TrackingCookie.Adtech (spyware) System (Disinfected)
     TrackingCookie.Adform (spyware) System (Disinfected)
     TrackingCookie.Doubleclick (spyware) System (Disinfected)
     TrackingCookie.Revsci (spyware) System (Disinfected)
     TrackingCookie.WebTrendsLive (spyware) System (Disinfected)
     TrackingCookie.Clickbank (spyware) System (Disinfected)
     TrackingCookie.Fastclick (spyware) System (Disinfected)
     TrackingCookie.Mookie (spyware) System (Disinfected)
     TrackingCookie.Adbrite (spyware) System (Disinfected)
     TrackingCookie.Xiti (spyware) System (Disinfected)
     TrackingCookie.Webtrends (spyware) System (Disinfected)
     TrackingCookie.Mediaplex (spyware) System (Disinfected)
     TrackingCookie.Liveperson (spyware) System (Disinfected)
     TrackingCookie.Tradedoubler (spyware) System (Disinfected)
     TrackingCookie.Statcounter (spyware) System (Disinfected)
     TrackingCookie.Atwola (spyware) System (Disinfected)
     TrackingCookie.Yieldmanager (spyware) System (Disinfected)
     Gen:Variant.Barys.8550 (virus) C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18ee05f9-53514a8f (Renamed)
     Java.Trojan.Agent.C (virus) C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27\encode\Unicode.class (Not cleaned)
     Java.Trojan.Agent.C (virus) C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\8255d21-4f773d27 (Renamed)
     Exploit:Java/CVE-2012-4681.H (virus) C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f\Ini.class (Not cleaned)
     Exploit:Java/CVE-2012-4681.H (virus) C:\Users\STUDIO 1749 USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\36535290-6016212f (Renamed)

     Statistics
     Scanned: Files: 832683 System: 6429 Not scanned: 4251
     Actions: Disinfected: 21 Renamed: 3 Deleted: 0 Not cleaned: 2 Submitted: 0

     Files not scanned:
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C41B1BEE4AECBB18E3D5821C207613D2_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C47CDD01A279C0B7D2ACC499EB7EBD28_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C49787BF7A1ACC9109BE999137A10D41_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6060F3DB9581BA6B86DEA6C72FBD10A_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C63C251A5D31F12C7923D7AD2CF0466A_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C763791FF16E46A865498B9048122E06_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAAFEE6CE2CB3CA237D565507C674B1B_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC80EBDB30774544EC8161508C0A4686_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC886871841C2AA499511305F39E946B_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDAE0B925E86C4476CF0D94314602331_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1025A0A0BE2668BBD95922A8A707976_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD8CA096B717F024B228243F13C104CD_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3646CE7F75616A29886C0D941826195_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D44BD184A3A95CFBB06F5D98706524FE_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D46B3F058843418F23C402DBF5A5F95C_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4EAC1767E2B25DED5396C922E5C6930_0F2FD379-0DBF-4F71-A168-EE7347677FD7 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D74A53B0EF14A6CD2DBFA88C77FB454F_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D80C8ED4506D2FB47B876D7CEDD0472F_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D934CDEA7B5274CB71B7B68C48972785_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D988D4AE624C82DB2878E4DF022C3AAE_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB38089AAEBF645214FAAB31FE4D8AEE_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCF56BFE6479AB7DA0220D0EAF179996_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE663F8639A8E2E05E426EBF5C8F6553_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEA91F9FA2BAC843CB2463EE55E62866_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E040526463198D9183284A914C68DE9E_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0B4B16E41C3C85AA22ACE117DF59249_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E594D7B2ED67F38652B227F526FC5559_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5BFDB91D6A36B4E6CBEEDC2440830B4_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E98ADC1240DF3578E56A79CBEC83E222_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA4E09DCE7E349E14DD8F305F20F5DEA_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB85E443A456AB0AAC45AFD7CE94DC4A_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ECFBC2B8B2081437C4299E569F8A419D_0F2FD379-0DBF-4F71-A168-EE7347677FD7 
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDC042F3EFC490181970070728A616FD_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F271CDDD3287CADBEE4CB50ED69AAA9D_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F35FDAEA9F5920A4304B93687B06F47A_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4955E2B8A950F20CE5DA4C3458E7111_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4C0DA69E884992F17DF5269B7CA8612_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4EA58BDA58433D36C49B39E088C39A1_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F515BB5A9A968F10884C96581C968457_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F606A1B46C5D932840520E805895364F_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7216D36F786DE556B2C997A41D66EE3_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA632BAF7D0C8D64A7110ABA78013095_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FABA28B7AE18586D106DFCD9443743F6_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB6FE076C00776CCAEF271EBCA8F7D24_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED71828630704AB01C3F1F331C30294B_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCB6964A2B0EED3552460DC5AA0A2765_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCDA4A12E223D8D7C6193973801DEF35_0F2FD379-0DBF-4F71-A168-EE7347677FD7 C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDC310EFCEA412E45703699EF14B146D_0F2FD379-0DBF-4F71-A168-EE7347677FD7 
C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\SFTFS.FSD
C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\SFTFS.FSG

NOTE: The rest of the list of "files not scanned" was extremely long. I tried splitting it 5 ways, but it's still too long. Everything I left out had to do with Adobe files, which have been on the computer for years, so hopefully they're not relevant.

Options
Scanning engines:
Scanning options:
Scan all files
Scan inside archives
Use advanced heuristics
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox 16.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

By the way, I don't know why Java would be out of date. I had to reinstall it today to get the F-secure online scanner to work. And it would only work in Chrome, not in IE.
  6. I decided it was quicker just to re-download the program. Thanks very much for your help Maurice. Hope you had a Merry Christmas.
  7. Thanks, can you give me instructions for retrieving it from quarantine?
  8. Thank you Maurice. Malwarebytes reports no malicious objects detected now. So, these steps seem to have worked, though I wish combofix hadn't deleted my WinDV software without asking first. I've been using that for years without a problem. No big deal though. I can re-download it.

Do you recommend any other software I should be running to keep safe from Malware and viruses, other than my current Malwarebytes Pro and MS Security Essentials? Wish I hadn't clicked that e-mail link. I usually don't fall for such things!

Thanks again,
Chuck

---------------------------------------------------------------

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 10:57:23
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : STUDIO 1749 USER - STUDIO1749USER
# Boot Mode : Normal
# Running from : C:\Users\STUDIO 1749 USER\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\STUDIO 1749 USER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
************************* AdwCleaner[R1].txt - [1034 octets] - [24/12/2012 09:13:53] AdwCleaner[R2].txt - [1095 octets] - [24/12/2012 09:20:32] AdwCleaner[s2].txt - [1029 octets] - [24/12/2012 10:57:23] ########## EOF - C:\AdwCleaner[s2].txt - [1089 octets] ########## ComboFix 12-12-23.01 - STUDIO 1749 USER 12/24/2012 11:09:52.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2232 [GMT -5:00] Running from: c:\users\STUDIO 1749 USER\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\WinDV c:\program files (x86)\WinDV\Readme.txt c:\program files (x86)\WinDV\WinDV.exe c:\programdata\LoJackNotifier.txt c:\users\STUDIO 1749 USER\AppData\Local\Temp\stt9194.tmp c:\users\STUDIO 1749 USER\AppData\Roaming\inst.exe c:\users\STUDIO 1749 USER\AppData\Roaming\STUDIO 1749 USER3SQLite3.dll c:\users\STUDIO 1749 USER\AppData\Roaming\STUDIO 1749 USERlog.dat c:\users\STUDIO 1749 USER\AppData\Roaming\Windir c:\users\STUDIO~1\AppData\Local\Temp\stt9194.tmp . . ((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 ))))))))))))))))))))))))))))))) . . 2012-12-24 16:21 . 2012-12-24 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-24 14:52 . 2012-12-24 14:52 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\Amazon 2012-12-24 14:50 . 2012-12-24 14:50 -------- d-----w- c:\program files (x86)\Amazon 2012-12-24 14:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E05B5761-18B9-4AEE-88ED-34B5B2C5729F}\mpengine.dll 2012-12-24 14:00 . 
2012-12-24 14:00 -------- d-----w- c:\program files (x86)\ERUNT 2012-12-22 23:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\LavasoftStatistics 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Local\Downloaded Installations 2012-12-22 04:22 . 2012-12-22 04:22 47496 ----a-w- c:\windows\system32\sbbd.exe 2012-12-22 04:22 . 2012-12-22 04:22 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Local\adawarebp 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\program files (x86)\adawaretb 2012-12-22 04:22 . 2012-12-22 04:22 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2012-12-22 04:21 . 2012-12-22 04:21 -------- d-----w- c:\users\STUDIO 1749 USER\AppData\Roaming\Ad-Aware Antivirus 2012-12-22 03:47 . 2012-12-22 04:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-22 03:47 . 2012-12-22 03:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-12-21 21:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 21:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 21:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 21:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 04:54 . 2012-11-28 15:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-12 13:11 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 13:11 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 13:11 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 13:09 . 
2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 13:09 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-01 05:05 . 2012-12-01 05:07 -------- d-----w- c:\users\TEMP 2012-11-28 11:53 . 2012-11-28 11:53 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67B6F50D-1C15-4EBC-9999-AABE5497813B}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-24 15:59 . 2010-09-28 20:30 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2012-12-24 15:59 . 2010-09-22 02:26 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2012-12-12 13:14 . 2010-08-19 01:01 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 03:58 . 2012-08-07 01:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 03:58 . 2012-08-07 01:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-16 08:38 . 2012-12-01 04:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-01 04:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-01 04:34 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 12:00 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 12:00 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 12:00 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 12:00 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 13:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 12:00 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 12:00 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 12:00 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 12:00 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 
2012-11-15 12:00 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 12:00 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 12:00 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 12:00 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 12:00 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 12:00 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 12:00 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-09-29 23:54 . 2012-01-05 04:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-29 03:04 . 2011-03-25 11:26 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-25 22:47 . 2012-11-15 11:59 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-09-25 22:46 . 2012-11-15 11:59 95744 ----a-w- c:\windows\system32\synceng.dll 2010-03-20 21:45 . 2010-08-04 23:57 75264 ----a-w- c:\program files (x86)\7 Taskbar Tweaker x64.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-05-17 2264336] "TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-05-17 608016] "TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-05-17 437520] "TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-05-17 855824] "7 Taskbar Tweaker"="c:\program files (x86)\7 Taskbar Tweaker x64.exe" [2010-03-20 75264] "EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104] . c:\users\STUDIO 1749 USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-10-21 473616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096] VideoBrowser Camera Monitor.lnk - c:\program files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe [2012-1-22 636272] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 kmttg;kmttg;c:\kmttg v0p8u\service\win32\bin\wrapper.exe [2012-09-12 217088] R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 24576] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [2010-10-18 7959552] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation 
Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-24 1255736] R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-05-17 1104656] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-22 14456] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-09-03 1477728] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-09-03 2480048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 Acceler;Accelerometer 
Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-09-03 251488] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2011-05-22 20752] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-11 82816] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360] S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:58] . 
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56501780-2295284688-1635959401-1001Core.job - c:\users\STUDIO 1749 USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:21] . 2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-56501780-2295284688-1635959401-1001UA.job - c:\users\STUDIO 1749 USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = 192.168.2.254:8000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-pwbpoxobfwfdkhf - c:\programdata\pwbpoxob.exe SafeBoot-94851791.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-24 11:36:13 ComboFix-quarantined-files.txt 2012-12-24 16:36 . Pre-Run: 44,780,724,224 bytes free Post-Run: 44,543,275,008 bytes free . - - End Of File - - D80748B31BBCCF217FB69CBB5612E0AA
  9. # AdwCleaner v2.102 - Logfile created 12/24/2012 at 09:20:32
     # Updated 23/12/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : STUDIO 1749 USER - STUDIO1749USER
     # Boot Mode : Normal
     # Running from : C:\Users\STUDIO 1749 USER\Desktop\adwcleaner.exe
     # Option [Search]

     ***** [Services] *****

     ***** [Files / Folders] *****
     Folder Found : C:\ProgramData\blekko toolbars

     ***** [Registry] *****

     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16457
     [OK] Registry is clean.
     -\\ Mozilla Firefox v16.0.1 (en-US)
     File : C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\prefs.js
     [OK] File is clean.
     -\\ Google Chrome v23.0.1271.97
     File : C:\Users\STUDIO 1749 USER\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [1034 octets] - [24/12/2012 09:13:53]
     AdwCleaner[R2].txt - [967 octets] - [24/12/2012 09:20:32]
     ########## EOF - C:\AdwCleaner[R2].txt - [1026 octets] ##########

     RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo...13-roguekiller/
     Website : http://tigzy.geeksto...roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : STUDIO 1749 USER [Admin rights]
     Mode : Scan -- Date : 12/24/2012 09:23:31

     ¤¤¤ Bad processes : 4 ¤¤¤
     [SUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]
     [SUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]
     [SUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]
     [SUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 24 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : pwbpoxobfwfdkhf (C:\ProgramData\pwbpoxob.exe) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Run : pwbpoxobfwfdkhf (C:\ProgramData\pwbpoxob.exe) -> FOUND
     [SHELL][Rans.Gendarm] HKCU\[...]\Windows : Load (C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat) -> FOUND
     [SHELL][Rans.Gendarm] HKUS\S-1-5-21-56501780-2295284688-1635959401-1001[...]\Windows : Load (C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat) -> FOUND
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.2.254:8000) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [RUN][SUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : TivoServer ("C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer) -> FOUND
     [RUN][SUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : TivoNotify ("C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify) -> FOUND
     [RUN][SUSP PATH] [ON_D:STUDIO 17 USER]HKCU[...]\Run : SansaDispatch (C:\Users\STUDIO 17 USER\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Extern Hives: ¤¤¤
     -> D:\windows\system32\config\SOFTWARE
     -> D:\Users\Default\NTUSER.DAT
     -> D:\Users\Default User\NTUSER.DAT
     -> D:\Users\STUDIO 17 USER\NTUSER.DAT
     -> D:\Documents and Settings\Default\NTUSER.DAT
     -> D:\Documents and Settings\Default User\NTUSER.DAT
     -> D:\Documents and Settings\Public\NTUSER.DAT
     -> F:\windows\system32\config\SOFTWARE
     -> F:\Users\Default\NTUSER.DAT

     ¤¤¤ Infection : Rans.Gendarm ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 activate.adobe.com
     127.0.0.1 practivate.adobe.com
     127.0.0.1 ereg.adobe.com
     127.0.0.1 activate.wip3.adobe.com
     127.0.0.1 wip3.adobe.com
     127.0.0.1 3dns-3.adobe.com
     127.0.0.1 3dns-2.adobe.com
     127.0.0.1 adobe-dns.adobe.com
     127.0.0.1 adobe-dns-2.adobe.com
     127.0.0.1 adobe-dns-3.adobe.com
     127.0.0.1 ereg.wip3.adobe.com
     127.0.0.1 activate-sea.adobe.com
     127.0.0.1 wwis-dubc1-vip60.adobe.com
     127.0.0.1 activate-sjc0.adobe.com
     127.0.0.1 adobe.activate.com
     127.0.0.1 adobeereg.com
     127.0.0.1 www.adobeereg.com
     127.0.0.1 wwis-dubc1-vip60.adobe.com
     127.0.0.1 125.252.224.90
     127.0.0.1 125.252.224.91
     [...]
     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS725050A9A364 ATA Device +++++
     --- User ---
     [MBR] 90271bd8217af070cdd2cb67018af756
     [BSP] 2a18152218ba91fda598b92c2cff6f6c : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 282 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 578340 | Size: 20473 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 42507990 | Size: 456181 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: TOSHIBA MK5056GSY ATA Device +++++
     --- User ---
     [MBR] bcb686814fdc30aa060173c27d4b6c4b
     [BSP] c431e656f43b24d2b9fe5f6b3c893c12 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_12242012_02d0923.txt >>
     RKreport[1]_S_12242012_02d0923.txt
  10. Thanks Maurice. I removed the 2 threats as per your instructions (the first Chameleon started with no problem). I rebooted, ran a Malwarebytes quick scan again, and the same 2 threats reappeared.
  11. Sorry, I ran those other tools before I found this forum. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2 Run by STUDIO 1749 USER at 9:58:51 on 2012-12-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1711 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LeapFrog\LeapFrog 
Connect\CommandService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\DRIVERS\o2flash.exe C:\ProgramData\Rpcnet\Bin\rpcld.exe C:\Windows\SysWOW64\rpcnet.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe C:\Program Files (x86)\7 Taskbar Tweaker x64.exe C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\ProgramData\Ad-Aware 
Browsing Protection\adawarebp.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.yahoo.com/ uSearch Bar = Preserve uProxyServer = 192.168.2.254:8000 uWindows: Load = C:\Users\STUDIO~1\LOCALS~1\Temp\msrukjc.bat mWinlogon: Userinit = userinit.exe, BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe uRun: [7 Taskbar Tweaker] "C:\Program Files (x86)\7 Taskbar Tweaker x64.exe" -hidewnd uRun: [AdobeBridge] <no file> mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" StartupFolder: C:\Users\STUDIO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOB~1.LNK - C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. 
If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{395407CF-51B4-414C-A348-7D5860F75EA1} : DHCPNameServer = 8.8.8.8 8.8.4.4 TCP: Interfaces\{399C0671-C966-4443-9360-D2EE5292A459} : DHCPNameServer = 10.232.17.240 10.232.17.241 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\14E64627F69646455647865627 : DHCPNameServer = 192.168.2.254 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\348696C6462756E63725F6F6D6 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\445637D6F6E64664963786C4962627162797 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\76F6563786 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{C4BF94D9-8116-4CC5-A76E-725E426F1737}\8686F6E6F62737 : DHCPNameServer = 107.16.250.1 64.134.255.2 64.134.255.10 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] 
C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\STUDIO 1749 USER\AppData\Roaming\Mozilla\Firefox\Profiles\232gchgs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\View22\Version 3.10.50\NPView22.dll FF - plugin: C:\Users\STUDIO 1749 USER\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-21 14456] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-19 55280] R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-9-2 1477728] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-31 89600] R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-9-2 2480048] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-4 676936] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?] 
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-5-31 23912] R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-9-2 251488] R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-19 35104] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-7-19 172704] R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-12-26 20752] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-19 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-31 158976] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-4 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2010-5-31 74272] R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-10-21 15360] R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-10-21 17920] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 
sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 kmttg;kmttg;C:\kmttg v0p8u\service\win32\bin\wrapper.exe [2012-9-3 217088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-5-4 36328]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216]
S3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2010-10-31 7959552]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-5-4 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-5-4 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-5-4 159208]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-4 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-24 1255736]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-5-17 1104656]
.
=============== Created Last 30 ================
.
2012-12-22 23:21:35 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BDDBE44B-1ABE-43BF-B7D1-0E5501C670B1}\mpengine.dll
2012-12-22 04:22:57 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Roaming\LavasoftStatistics
2012-12-22 04:22:48 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Local\Downloaded Installations
2012-12-22 04:22:40 47496 ----a-w- C:\Windows\System32\sbbd.exe
2012-12-22 04:22:40 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2012-12-22 04:22:25 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Local\adawarebp
2012-12-22 04:22:25 -------- d-----w- C:\ProgramData\blekko toolbars
2012-12-22 04:22:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-12-22 04:22:16 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-12-22 04:22:14 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-12-22 04:21:19 -------- d-----w- C:\Users\STUDIO 1749 USER\AppData\Roaming\Ad-Aware Antivirus
2012-12-22 03:47:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-22 03:47:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-21 21:38:54 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-21 21:01:58 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 21:01:58 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 21:01:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 21:01:57 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-20 04:54:21 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 13:11:19 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 13:11:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 13:11:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 13:09:27 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 13:09:26 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-28 11:53:25 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67B6F50D-1C15-4EBC-9999-AABE5497813B}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-23 14:43:52 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-12-23 04:49:35 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-12-12 03:58:41 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 03:58:41 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2010-03-20 21:45:43 75264 ----a-w- C:\Program Files (x86)\7 Taskbar Tweaker x64.exe
.
============= FINISH: 10:02:23.73 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/23/2010 8:14:51 PM
System Uptime: 12/23/2012 9:39:03 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KVMW2
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | U2E1 | 2400/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 41.947 GiB free.
D: is FIXED (NTFS) - 445 GiB total, 108.463 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 20 GiB total, 14.818 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&72E777F&0&FCA13E998C44_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&72E777F&0&FCA13E998C44_C00000000
Service:
.
==== System Restore Points ===================
.
RP501: 12/21/2012 12:57:44 PM - Scheduled Checkpoint
RP502: 12/21/2012 4:00:30 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent Acronis True Image Home Ad-Aware Browsing Protection Add or Remove Adobe Premiere Pro CS5 Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Audacity 1.3.13 (Unicode) Bonjour Canon Inkjet Printer Driver Add-On Module Canon iP2700 series Printer Driver Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Dell DataSafe Local Backup - Support Software Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central DVDFab 7.0.9.3 (08/08/2010) DVDFab 8.1.1.2 (08/08/2011) Qt EasyTether Foxit Reader Google Chrome GoToAssist 8.0.0.514 Intel® Management Engine Components Intel® Turbo Boost Technology Driver Intel® Turbo Boost Technology Monitor Internet Explorer (Enable DEP) InterVideo WinDVD Platinum 5 IrfanView (remove only) iTunes Java 7 Update 10 Java Auto Updater JavaFX 2.1.1 JumpStart Toddlers v1.4 Junk Mail filter update LAME v3.98.3 for Audacity LeapFrog Connect LeapFrog Tag Plugin LimeWire 5.5.10 Live! 
Cam Avatar Creator Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft PowerPoint Viewer Microsoft Search Enhancement Pack Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Miss Spider Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT PdaNet for Android 2.45 PDF Settings CS5 PowerDVD DX PxMergeModule QPST Quickset64 QuickTime QuickTime MPEG2 Roxio Burn SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Skins Skype Toolbars Skype™ 5.10 Spybot - Search & Destroy Synaptics Pointing Device Driver TiVo Desktop 2.8.1 TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wnyiper TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnyiper TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) VideoBrowser View22 VLC media player 2.0.4 WIDCOMM Bluetooth Software WildTangent Games Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
12/23/2012 9:43:53 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
12/22/2012 11:49:41 PM, Error: Service Control Manager [7034] - The kmttg service terminated unexpectedly. It has done this 1 time(s).
12/21/2012 11:28:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/21/2012 11:25:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2396.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/21/2012 11:25:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/21/2012 11:22:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/21/2012 10:45:34 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/21/2012 10:45:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/21/2012 10:45:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/21/2012 10:43:50 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/21/2012 10:43:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/21/2012 10:43:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/21/2012 10:43:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/21/2012 10:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/21/2012 10:43:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
12/21/2012 10:43:32 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2012 5:19:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2241.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/20/2012 10:22:36 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/19/2012 8:12:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/19/2012 4:27:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/18/2012 4:25:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
.
==== End Of File ===========================
  12. Hi, thanks in advance... Last week I clicked on a link in an e-mail, and Malwarebytes Pro popped up in the corner. I think it said it blocked a malicious site, but I'm not sure. Anyway, all seemed fine until a day or two later, my Yahoo Mail account suddenly e-mailed everyone in my address book. I ran Malwarebytes several times, but PUM.UserWLoad and Trojan.Ransom keep coming back. I also ran MS Security Essentials, Spybot SD, Ad-Aware and TDSSKiller. Nothing seems to remove these. I can't honestly say I see any symptoms. The computer's running OK, but it makes me nervous that I'm not secure. I also attached the TDSSKiller log in case that's the next step. (no malicious objects were found) I was hoping buying the Pro version of Malwarebytes would have better protected me. But I guess there's no perfect solution. Thanks very much for your help!