TechSpot

Sirefef/1 minute reboot

By Stui Wilson
Jul 26, 2012
  1. Hi There,
    Seems as though I have the same problem as everyone else. Would love some help. Please find below my logs. Thanks

    FRST LOG

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 26-07-2012 15:49:23
    Running from F:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)
    HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1298320 2011-04-12] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-12] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-14] (PC Tools)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1406976 2011-12-20] (Wondershare)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [RMAlert] "C:\Program Files\Registry Mechanic\Alert.exe" /PRODUCT=RM /R [1016792 2010-09-15] (PC Tool)
    HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [973488 2012-07-02] (Malwarebytes Corporation)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-25] (Microsoft Corporation)
    HKU\Stuart Wilson\...\Run: [Google Update] "C:\Users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-10-07] (Google Inc.)
    HKU\Stuart Wilson\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)

    ================================ Services (Whitelisted) ==================

    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-25] (Microsoft Corporation)
    2 MSSQL$PROPHETSQL; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPROPHETSQL [29293408 2010-12-09] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-25] (Microsoft Corporation)
    2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-27] (PC Tools)
    2 RalinkRegistryWriter; "C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-20] (Ralink Technology, Corp.)
    2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo)
    2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-25] ()
    2 msftesql$PROPHETSQL; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:pROPHETSQL [x]

    ========================== Drivers (Whitelisted) =============

    3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
    3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-05] (Broadcom Corporation)
    3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-18] (Microsoft Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-02] (Malwarebytes Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-09] (Apple Inc.)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1277504 2012-01-12] (Ralink Technology Corp.)
    3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-02] (CACE Technologies, Inc.)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-12] (Microsoft Corporation)
    0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    4 RelevantKnowledge; [x]
    3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-26 15:49 - 2012-07-26 15:49 - 00000000 ____D C:\FRST
    2012-07-26 02:47 - 2012-07-26 06:54 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
    2012-07-25 21:01 - 2012-07-25 21:01 - 00000000 ____D C:\Users\Stuart Wilson\Downloads\NETGEAR
    2012-07-23 14:41 - 2012-07-23 14:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-23 14:39 - 2012-07-23 14:39 - 10288512 ____A (Microsoft Corporation) C:\Users\Stuart Wilson\Downloads\mseinstall.exe
    2012-07-22 22:50 - 2012-07-22 22:50 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Stuart Wilson\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-22 22:50 - 2012-07-22 22:50 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-22 21:35 - 2012-07-22 21:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-22 14:14 - 2012-07-22 20:33 - 00000000 ____D C:\Poker
    2012-07-20 03:53 - 2012-07-13 12:44 - 366967146 ____A C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
    2012-07-18 15:52 - 2012-07-18 15:52 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-12 21:24 - 2012-07-22 15:39 - 00000000 ____D C:\Users\Stuart Wilson\AppData\Roaming\BitLord
    2012-07-12 21:24 - 2012-07-12 21:24 - 00000000 ____D C:\Users\Stuart Wilson\AppData\Roaming\Python-Eggs
    2012-07-12 21:23 - 2012-07-12 21:23 - 00001969 ____A C:\Users\Stuart Wilson\Desktop\BitLord.lnk
    2012-07-12 21:23 - 2012-07-12 21:23 - 00000000 ____D C:\Users\Stuart Wilson\Documents\BitLord
    2012-07-12 21:22 - 2012-07-12 21:23 - 00000000 ____D C:\Program Files\BitLord 2
    2012-07-12 21:19 - 2012-07-12 21:21 - 26143715 ____A C:\Users\Stuart Wilson\Downloads\BitLord 2.1.1 Installer.exe
    2012-07-12 21:11 - 2012-07-12 21:11 - 00002025 ____A C:\Windows\System32\RaCoInst.log
    2012-07-12 21:11 - 2012-07-12 21:11 - 00000000 ____D C:\Users\All Users\Ralink
    2012-07-12 21:10 - 2012-07-12 21:10 - 00002025 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
    2012-07-12 21:10 - 2012-07-12 21:10 - 00000000 ____D C:\Users\All Users\NETGEAR
    2012-07-12 21:10 - 2012-07-12 21:10 - 00000000 ____D C:\Program Files\Cisco
    2012-07-12 21:10 - 2011-11-28 02:21 - 00008192 ____A C:\Windows\System32\Drivers\rt2870.bin
    2012-07-12 21:10 - 2011-05-03 19:56 - 01608768 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
    2012-07-12 21:10 - 2011-05-03 19:54 - 00802880 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaIHV.dll
    2012-07-12 21:10 - 2010-06-30 23:45 - 00119648 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaExtUI.dll
    2012-07-11 22:27 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 22:27 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 22:27 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 22:27 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 22:27 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 22:27 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 22:27 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 22:27 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 22:27 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 22:27 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 22:27 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 22:27 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 22:27 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 22:27 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 22:24 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 21:04 - 2012-07-11 21:44 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\Outlook Files
    2012-07-11 15:40 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 15:40 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 15:40 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 15:40 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 15:40 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 15:40 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 15:40 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 15:40 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 15:40 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 15:39 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 20:37 - 2012-07-10 20:44 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\New folder (2)
    2012-07-02 20:14 - 2012-07-02 21:08 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\New folder

    ============ 3 Months Modified Files ========================

    2012-07-26 06:54 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-25 21:11 - 2010-09-04 21:38 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-25 21:11 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 21:10 - 2009-07-13 20:39 - 00106109 ____A C:\Windows\setupact.log
    2012-07-23 16:14 - 2009-10-07 20:32 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
    2012-07-23 15:54 - 2010-09-04 21:38 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-23 14:49 - 2009-10-07 19:27 - 00039328 ____A C:\Windows\PFRO.log
    2012-07-23 14:42 - 2009-10-07 16:52 - 01377174 ____A C:\Windows\WindowsUpdate.log
    2012-07-23 14:41 - 2011-02-07 12:37 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-23 14:41 - 2009-10-07 17:01 - 00861310 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-23 14:39 - 2012-07-23 14:39 - 10288512 ____A (Microsoft Corporation) C:\Users\Stuart Wilson\Downloads\mseinstall.exe
    2012-07-23 14:37 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 14:37 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 14:14 - 2009-10-07 20:32 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
    2012-07-22 22:50 - 2012-07-22 22:50 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Stuart Wilson\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-22 22:50 - 2012-07-22 22:50 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-18 16:58 - 2010-03-22 23:50 - 00002152 ____A C:\Users\All Users\hpzinstall.log
    2012-07-18 15:52 - 2012-07-18 15:52 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-14 14:01 - 2009-07-13 20:53 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-14 12:35 - 2011-06-29 20:49 - 00000270 ____A C:\Windows\Tasks\RMSchedule.job
    2012-07-13 12:44 - 2012-07-20 03:53 - 366967146 ____A C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
    2012-07-12 21:23 - 2012-07-12 21:23 - 00001969 ____A C:\Users\Stuart Wilson\Desktop\BitLord.lnk
    2012-07-12 21:21 - 2012-07-12 21:19 - 26143715 ____A C:\Users\Stuart Wilson\Downloads\BitLord 2.1.1 Installer.exe
    2012-07-12 21:11 - 2012-07-12 21:11 - 00002025 ____A C:\Windows\System32\RaCoInst.log
    2012-07-12 21:10 - 2012-07-12 21:10 - 00002025 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
    2012-07-12 12:54 - 2009-07-13 20:33 - 00411248 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 22:24 - 2009-10-13 12:12 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-08 17:22 - 2010-05-20 02:51 - 00000204 ____A C:\Windows\MYOBP.INI
    2012-07-08 17:22 - 2010-05-20 02:51 - 00000043 ____A C:\Windows\MYOB.INI
    2012-07-02 19:46 - 2010-08-06 01:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-26 21:30 - 2012-05-09 16:20 - 00973824 ____A C:\Users\Stuart Wilson\Desktop\Elegance Oven Cleaning - Reminder List.xls
    2012-06-25 17:27 - 2012-06-25 16:21 - 00000022 ____A C:\Users\Stuart Wilson\Downloads\Macquarie University Doctor of Physiotherapy - Anatomy resources.zip
    2012-06-11 18:40 - 2012-07-11 22:24 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 20:41 - 2012-07-11 15:39 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 21:05 - 2012-07-11 15:40 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 15:40 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 15:40 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-02 14:19 - 2012-06-21 16:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 16:03 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 16:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 16:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 16:03 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-21 16:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-21 16:03 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 01:07 - 2012-07-11 22:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 22:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 22:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 22:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 22:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 22:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 00:23 - 2012-07-11 22:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 00:21 - 2012-07-11 22:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 22:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 22:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 22:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 00:17 - 2012-07-11 22:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 22:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 22:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-01 21:19 - 2012-06-21 16:03 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 21:12 - 2012-06-21 16:03 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 20:45 - 2012-07-11 15:40 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:45 - 2012-07-11 15:40 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:40 - 2012-07-11 15:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:40 - 2012-07-11 15:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:39 - 2012-07-11 15:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-30 17:30 - 2012-05-30 17:30 - 02288188 ____A C:\Users\Stuart Wilson\Downloads\URGENT_-_Evaluation.zip
    2012-05-23 22:50 - 2012-05-23 22:50 - 00416240 ____A C:\Users\Stuart Wilson\Downloads\Attachments_2012_05_24.zip
    2012-05-23 16:59 - 2012-05-23 16:58 - 03016438 ____A C:\Users\Stuart Wilson\Downloads\2008
    2012-05-17 15:23 - 2011-06-30 01:27 - 00003072 ____A C:\Windows\System32\Cache.db
    2012-05-10 19:14 - 2012-05-10 19:09 - 20032520 ____A (PokerStars) C:\Users\Stuart Wilson\Downloads\PokerStarsInstall.exe
    2012-05-10 17:07 - 2012-05-10 17:03 - 00855552 ____A C:\Users\Stuart Wilson\Desktop\Elegance Oven Cleaning - Reminder List 1.xls
    2012-05-08 16:12 - 2012-04-30 17:35 - 00894464 ____A C:\Users\Stuart Wilson\Desktop\Oven Cleaning Reminder List.xls
    2012-05-06 18:16 - 2012-05-02 16:33 - 00014896 ____A C:\Users\Stuart Wilson\Desktop\Payslip Form.xlsx
    2012-05-03 13:43 - 2012-05-03 13:43 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-05-03 13:43 - 2012-05-03 13:43 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-05-03 13:43 - 2012-05-03 13:43 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-05-03 13:43 - 2012-05-03 13:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-05-03 13:43 - 2012-05-03 13:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-05-03 13:41 - 2012-05-03 13:40 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Stuart Wilson\Downloads\jxpiinstall.exe
    2012-05-02 21:16 - 2012-02-16 11:43 - 00012979 ____A C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
    2012-05-02 17:12 - 2012-05-02 17:12 - 00083824 ____A C:\Users\Stuart Wilson\Desktop\Contact List.xlsx
    2012-05-01 14:31 - 2011-11-06 12:26 - 00000671 ____A C:\Users\Stuart Wilson\Desktop\Internet.lnk
    2012-05-01 04:12 - 2012-05-01 04:12 - 00060039 ____A C:\Users\Stuart Wilson\Documents\Servicem8 Contacts.csv
    2012-04-30 23:10 - 2012-01-29 14:08 - 00012374 ____A C:\Users\Stuart Wilson\Documents\Fix Jobs.xlsx
    2012-04-30 20:44 - 2012-06-13 20:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 17:26 - 2011-07-25 23:49 - 00000853 ____A C:\Users\Stuart Wilson\Desktop\New Job Sheet.lnk


    ZeroAccess:
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\@
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\L
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U\00000001.@

    ZeroAccess:
    C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
    C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\@
    C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\L
    C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-07-26 06:54] - 0259072 ____A (Microsoft Corporation) 21835BD18857B8BADD3858DE3B74F76C

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3071.55 MB
    Available physical RAM: 2582 MB
    Total Pagefile: 3069.83 MB
    Available Pagefile: 2591.06 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:372.51 GB) (Free:118.06 GB) NTFS
    4 Drive f: () (Removable) (Total:7.5 GB) (Free:3.88 GB) FAT32
    5 Drive g: (Expansion Drive) (Fixed) (Total:1863 GB) (Free:1819.8 GB) exFAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 372 GB 0 B
    Disk 1 Online 7695 MB 0 B
    Disk 2 Online 1863 GB 1024 KB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 372 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 372 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7695 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 7695 MB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G Expansion D exFAT Partition 1863 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-19 14:52

    ======================= End Of Log ==========================

    SEARCH.TXT

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 15:57:34
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-07-26 06:54] - 0259072 ____A (Microsoft Corporation) 21835BD18857B8BADD3858DE3B74F76C

    === End Of Search ===
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  3. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Thanks for helping, Jay. So I have restarted it after running the fix and it seems to be stable. Below is the fixlog.txt.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-27 08:02:46 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d} moved successfully.
    C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d} moved successfully.

    ==== End of Fixlog ====
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Great! Please run the following:

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  5. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Thanks, I have posted reports below - how are things going, is it almost healthy?

    REPORT 1:
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Stuart Wilson [Admin rights]
    Mode: Scan -- Date: 07/28/2012 09:50:57

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD403LJ ATA Device +++++
    --- User ---
    [MBR] 503750e41cea4b5e8911823d9ce4010f
    [BSP] ea0815d951bb8a75bd58fa2d4a74524b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 381451 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    REPORT 2:
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Stuart Wilson [Admin rights]
    Mode: Remove -- Date: 07/28/2012 09:52:12

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD403LJ ATA Device +++++
    --- User ---
    [MBR] 503750e41cea4b5e8911823d9ce4010f
    [BSP] ea0815d951bb8a75bd58fa2d4a74524b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 381451 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    REPORT 3:
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Stuart Wilson [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/28/2012 09:55:03

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 54 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 6 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 470 / Fail 0
    My documents: Success 12 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 1000 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 74 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [A:] \Device\Floppy0 -- 0x2 --> Skipped
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [H:] \Device\CdRom1 -- 0x5 --> Skipped

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  7. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    ComboFix 12-07-27.03 - Stuart Wilson 29/07/2012 20:04:14.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3072.2089 [GMT 10:00]
    Running from: c:\users\Stuart Wilson\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Pe
    c:\program files\Pe\AEGAXS.dll
    c:\program files\Pe\APData.dll
    c:\program files\Pe\App.ico
    c:\program files\Pe\BPData.dll
    c:\program files\Pe\CNData.dll
    c:\program files\Pe\Configs.xml
    c:\program files\Pe\Framework.Controls.ProgressBar.dll
    c:\program files\Pe\FTData.dll
    c:\program files\Pe\HId.dll
    c:\program files\Pe\HuD.xml
    c:\program files\Pe\HudMoveDLL.dll
    c:\program files\Pe\ICSharpCode.SharpZipLib.dll
    c:\program files\Pe\iexplore.exe
    c:\program files\Pe\iexplore.exe.config
    c:\program files\Pe\Interop.VXPLibrary.dll
    c:\program files\Pe\Lib\accllistbar.dll
    c:\program files\Pe\Lib\AxInterop.SHDocVw.dll
    c:\program files\Pe\Lib\Infragistics.Shared.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.UltraChart.Core.v4.1.dll
    c:\program files\Pe\Lib\Infragistics.UltraChart.Data.v4.1.dll
    c:\program files\Pe\Lib\Infragistics.UltraChart.Render.v4.1.dll
    c:\program files\Pe\Lib\Infragistics.UltraChart.Resources.v4.1.dll
    c:\program files\Pe\Lib\Infragistics.Win.Misc.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinChart.v4.1.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinDock.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinEditors.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinListBar.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinTabControl.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.UltraWinToolbars.v3.2.dll
    c:\program files\Pe\Lib\Infragistics.Win.v3.2.dll
    c:\program files\Pe\Lib\Interop.SHDocVw.dll
    c:\program files\Pe\Lib\MessageBoxExLib.dll
    c:\program files\Pe\Lib\pecomm.dll
    c:\program files\Pe\Lib\PokerHUD.dll
    c:\program files\Pe\Lib\shellstyle.dll
    c:\program files\Pe\Lib\xpexplorerbar.dll
    c:\program files\Pe\License.txt
    c:\program files\Pe\Lobby Edge\ICSharpCode.SharpZipLib.dll
    c:\program files\Pe\Lobby Edge\if1.dll
    c:\program files\Pe\Lobby Edge\if2.dll
    c:\program files\Pe\Lobby Edge\if3.dll
    c:\program files\Pe\Lobby Edge\if4.dll
    c:\program files\Pe\Lobby Edge\Interop.VXPLibrary.dll
    c:\program files\Pe\Lobby Edge\LobbyEdge.exe
    c:\program files\Pe\Lobby Edge\LobbyEdge.exe.config
    c:\program files\Pe\Lobby Edge\OpenerInterface.dll
    c:\program files\Pe\Lobby Edge\rules.ini
    c:\program files\Pe\Lobby Edge\SpHeader.dll
    c:\program files\Pe\Lobby Edge\tfplugin_interface_library.dll
    c:\program files\Pe\Lobby Edge\VXPLib.dll
    c:\program files\Pe\Lobby Edge\XPExplorerBar.dll
    c:\program files\Pe\log.txt
    c:\program files\Pe\MGData.dll
    c:\program files\Pe\MNData.dll
    c:\program files\Pe\Notes.xml
    c:\program files\Pe\NTGA11X.dll
    c:\program files\Pe\OGData.dll
    c:\program files\Pe\OverlayDll.dll
    c:\program files\Pe\PE4Hud.dll
    c:\program files\Pe\PE4Hud2.dll
    c:\program files\Pe\PNData.dll
    c:\program files\Pe\PSData.dll
    c:\program files\Pe\Readme.txt
    c:\program files\Pe\Settings.xml
    c:\program files\Pe\SitePathFinder.dll
    c:\program files\Pe\TPData.dll
    c:\program files\Pe\VXPLib.dll
    c:\users\Stuart Wilson\Documents\~WRL0003.tmp
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    -------\Service_RelevantKnowledge
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 08:03 . 2012-07-30 00:10 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\offreg.dll
    2012-07-26 23:49 . 2012-07-26 23:49 -------- d-----w- C:\FRST
    2012-07-26 10:47 . 2012-07-26 14:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2012-07-23 22:44 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\mpengine.dll
    2012-07-23 22:42 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-23 22:41 . 2012-07-23 22:41 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-23 05:35 . 2012-07-23 05:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-22 22:14 . 2012-07-23 04:33 -------- d-----w- C:\Poker
    2012-07-13 05:24 . 2012-07-13 05:24 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\Python-Eggs
    2012-07-13 05:24 . 2012-07-22 23:39 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\BitLord
    2012-07-13 05:22 . 2012-07-13 05:23 -------- d-----w- c:\program files\BitLord 2
    2012-07-13 05:11 . 2012-07-13 05:11 -------- d-----w- c:\programdata\Ralink
    2012-07-13 05:10 . 2011-11-28 10:21 8192 ----a-w- c:\windows\system32\drivers\rt2870.bin
    2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\program files\Cisco
    2012-07-13 05:10 . 2011-05-04 03:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-07-13 05:10 . 2011-05-04 03:54 802880 ----a-w- c:\windows\system32\RaIHV.dll
    2012-07-13 05:10 . 2010-07-01 07:45 119648 ----a-w- c:\windows\system32\RaExtUI.dll
    2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\programdata\NETGEAR
    2012-07-12 06:24 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 03:46 . 2010-08-06 09:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-22 00:03 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 00:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 00:03 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 00:03 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 00:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 00:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 00:03 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-22 00:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12 . 2012-06-22 00:03 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-03 21:43 . 2012-05-03 21:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-03 21:43 . 2012-05-03 21:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-01 04:44 . 2012-06-14 04:52 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-21 01:01 . 2011-07-15 01:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2009-04-13 604704]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-20 1406976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "RMAlert"="c:\program files\Registry Mechanic\Alert.exe" [2010-09-16 1016792]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-13 4577760]
    NETGEAR WNDA4100 Genie.lnk - c:\program files\NETGEAR\WNDA4100\WNDA4100.EXE [2012-1-3 5001472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk]
    backup=c:\windows\pss\TitanCalculator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-05 14:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-10-08 04:32 133104 ----atw- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-07-03 03:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
    2010-04-16 21:36 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 03:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
    2010-07-06 19:32 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [x]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 MpKslc95baba5;MpKslc95baba5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\MpKslc95baba5.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
    S2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
    - c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
    - c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
    .
    2012-07-14 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2011-06-30 00:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-Memeo Instant Backup - c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
    MSConfigStartUp-TomTomHOME - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$PROPHETSQL]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:pROPHETSQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-988588282-1707717258-2563674901-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F07CEBA-9A0E-3AD7-0BE7-83239DC860F6}*]
    "hagheagpkmhmcmkj"=hex:6b,61,6c,6d,66,6c,64,69,64,63,61,6d,6d,63,6a,62,6b,6c,
    70,70,61,63,00,00
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NETGEAR\WNDA4100\Service\RaRegistry.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-30 10:22:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 00:22
    .
    Pre-Run: 130,322,227,200 bytes free
    Post-Run: 132,730,535,936 bytes free
    .
    - - End Of File - - 78C8C91D70C25FCE52AF61652D698404
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Good!

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  9. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    GREAT! Are we almost clean?

    OTL.txt
    OTL logfile created on: 30/07/2012 7:45:59 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stuart Wilson\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
    6.00 Gb Paging File | 5.03 Gb Available in Paging File | 83.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 372.51 Gb Total Space | 123.71 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
    Drive H: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: STUARTWILSON-PC | User Name: Stuart Wilson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 19:44:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 18:58:28 | 005,001,472 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE
    PRC - [2011/11/21 13:54:46 | 000,377,088 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe
    PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2009/04/14 06:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/03 18:58:20 | 000,110,848 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA4100\Ralink.dll
    MOD - [2011/09/15 16:55:56 | 001,066,856 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA4100\RaWLAPI.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/21 11:01:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/11/21 13:54:46 | 000,377,088 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/03/01 21:26:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\STUART~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/01/13 15:40:50 | 001,277,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/06 08:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
    DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
    DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
    DRV - [2009/07/14 08:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/03/17 10:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 33 8F 7F 61 6D CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stuart Wilson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stuart Wilson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 20:11:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 11:01:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 20:11:24 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 11:01:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2010/12/08 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Extensions
    [2010/12/08 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/05/02 10:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\extensions
    [2012/01/30 06:23:11 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\extensions\Konverts@MediaPimp.com
    [2012/02/07 05:58:10 | 000,002,291 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\searchplugins\s-amazon-uk.xml
    [2012/06/20 10:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/21 11:01:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/20 10:41:33 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/20 10:41:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 10:41:33 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/20 10:41:33 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/20 10:41:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/20 10:41:33 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Extension = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
    CHR - Extension: Gmail = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/30 10:17:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RMAlert] C:\Program Files\Registry Mechanic\Alert.exe (PC Tool)
    O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{074DDE76-52DF-4C8F-89DB-80AA6549CD51}: DhcpNameServer = 211.29.132.12 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A925CCE-5F12-4A8C-B64F-EED614280729}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51E5B294-1026-4532-878F-A068023056D4}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DC8321E-7B3B-4969-AB6D-7F8888DD9F6E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9D6F33-DC07-4179-A0C7-CF5D3C561DB3}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D399713B-74E8-4B01-B966-03124C17FE3A}: DhcpNameServer = 211.29.132.12 61.88.88.88
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/08/16 22:57:50 | 000,000,154 | R--- | M] () - H:\autorun.cfg -- [ UDF ]
    O32 - AutoRun File - [2010/10/06 00:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - H:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2006/09/11 23:26:42 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
    MsConfig - StartUpFolder: C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: Memeo AutoSync - hkey= - key= - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: Seagate Dashboard - hkey= - key= - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    MsConfig - State: "startup" - 2
    MsConfig - State: "services" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.mjpg - C:\Windows\System32\mcmjpg32.dll (MainConcept)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  10. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    OTL.txt CONTINUED
    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 19:44:51 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
    [2012/07/30 10:17:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/29 20:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 20:00:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 20:00:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 20:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 20:00:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 19:59:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 18:10:51 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\Stuart Wilson\Desktop\ComboFix.exe
    [2012/07/28 09:49:03 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\RK_Quarantine
    [2012/07/27 09:49:10 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/26 20:47:28 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/07/24 08:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/23 15:35:20 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/07/23 08:14:38 | 000,000,000 | ---D | C] -- C:\Poker
    [2012/07/13 15:24:09 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\Python-Eggs
    [2012/07/13 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\BitLord
    [2012/07/13 15:23:57 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
    [2012/07/13 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Documents\BitLord
    [2012/07/13 15:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 2
    [2012/07/13 15:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
    [2012/07/13 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2012/07/13 15:10:38 | 001,608,768 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
    [2012/07/13 15:10:38 | 000,802,880 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaIHV.dll
    [2012/07/13 15:10:38 | 000,119,648 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaExtUI.dll
    [2012/07/13 15:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA4100 Genie
    [2012/07/13 15:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
    [2012/07/12 16:27:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/12 16:27:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/12 16:27:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/12 16:27:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/12 16:27:18 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/12 16:27:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/12 16:27:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/07/12 16:24:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/12 15:04:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\Outlook Files
    [2012/07/12 09:40:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012/07/12 09:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012/07/12 09:40:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2012/07/11 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\New folder (2)
    [2012/07/03 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\New folder
    [2 C:\Users\Stuart Wilson\Desktop\*.tmp files -> C:\Users\Stuart Wilson\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 19:54:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 19:51:02 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 19:51:02 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 19:44:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
    [2012/07/30 19:44:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 19:43:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 19:43:25 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 10:17:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/30 10:14:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
    [2012/07/29 18:11:09 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\Stuart Wilson\Desktop\ComboFix.exe
    [2012/07/28 09:48:09 | 001,552,384 | ---- | M] () -- C:\Users\Stuart Wilson\Desktop\RogueKiller.exe
    [2012/07/27 08:14:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
    [2012/07/24 08:41:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/24 08:41:43 | 000,709,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/24 08:41:42 | 000,138,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/23 16:50:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/19 09:52:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/15 06:35:08 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2012/07/14 06:44:38 | 366,967,146 | ---- | M] () -- C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
    [2012/07/13 15:23:58 | 000,001,969 | ---- | M] () -- C:\Users\Stuart Wilson\Desktop\BitLord.lnk
    [2012/07/13 15:10:25 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    [2012/07/13 15:10:25 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
    [2012/07/13 06:54:51 | 000,411,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/09 11:22:45 | 000,000,204 | ---- | M] () -- C:\Windows\MYOBP.INI
    [2012/07/09 11:22:29 | 000,000,043 | ---- | M] () -- C:\Windows\MYOB.INI
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2 C:\Users\Stuart Wilson\Desktop\*.tmp files -> C:\Users\Stuart Wilson\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/29 20:00:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 20:00:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 20:00:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 20:00:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 20:00:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/28 09:48:05 | 001,552,384 | ---- | C] () -- C:\Users\Stuart Wilson\Desktop\RogueKiller.exe
    [2012/07/24 08:41:49 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/23 16:50:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/20 21:53:52 | 366,967,146 | ---- | C] () -- C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
    [2012/07/19 09:52:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/13 15:23:58 | 000,001,969 | ---- | C] () -- C:\Users\Stuart Wilson\Desktop\BitLord.lnk
    [2012/07/13 15:10:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\rt2870.bin
    [2012/07/13 15:10:25 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    [2012/07/13 15:10:25 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
    [2012/02/24 14:05:16 | 000,156,160 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
    [2012/02/24 07:37:36 | 000,004,608 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/17 05:43:25 | 000,012,979 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
    [2012/01/13 15:40:40 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
    [2011/06/30 14:48:17 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
    [2011/06/21 15:14:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/06/21 15:12:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/06/14 21:44:16 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/22 17:02:50 | 000,000,036 | -H-- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\swk.ini
    [2010/07/18 17:52:13 | 000,038,445 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2010/02/07 17:41:22 | 000,000,101 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Local\fusioncache.dat

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/06/02 14:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
    [2012/06/02 14:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
    [2012/06/02 14:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/06/30 13:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2011/07/16 10:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2012/01/11 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
    [2012/07/13 15:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord 2
    [2011/10/17 16:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2010/03/10 18:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\CalculatemPro
    [2012/07/13 15:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2012/07/19 10:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
    [2012/02/24 13:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
    [2012/07/29 20:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010/07/08 17:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
    [2012/01/11 16:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
    [2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2010/09/16 10:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\Feedback Tool
    [2011/03/24 10:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
    [2011/03/21 18:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\Football Manager
    [2011/11/17 09:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2010/06/28 12:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2012/07/13 15:10:25 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
    [2012/07/13 06:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/07/18 16:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
    [2011/07/24 19:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2012/07/19 09:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2012/05/04 07:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010/12/15 10:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
    [2012/02/24 07:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Leadbetter Interactive
    [2009/10/29 13:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
    [2010/05/10 15:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
    [2011/03/21 18:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
    [2012/07/23 16:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/19 11:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
    [2009/10/15 17:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2010/07/17 13:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
    [2010/05/20 20:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
    [2009/07/14 17:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2011/06/24 08:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
    [2011/06/24 08:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
    [2010/07/17 13:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012/07/24 08:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
    [2012/05/09 16:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2011/03/31 21:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
    [2010/07/17 13:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/07/17 13:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/17 13:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2010/07/17 13:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/08/25 18:32:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2012/07/21 11:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2012/07/22 15:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
    [2010/07/17 13:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/10/29 12:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2010/03/24 05:41:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2011/06/23 16:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\MYOB
    [2011/09/01 11:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Navman
    [2012/07/13 15:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
    [2011/06/24 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2009/11/16 19:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Poker-Spy
    [2012/06/04 10:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
    [2011/11/07 06:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012/06/19 09:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
    [2011/06/22 16:50:00 | 000,000,000 | ---D | M] -- C:\Program Files\RegistryCleanerFree
    [2011/05/28 20:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
    [2011/06/14 21:42:22 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2011/03/21 18:15:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
    [2010/04/08 20:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\TMG
    [2010/12/08 17:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
    [2010/12/08 17:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
    [2009/07/14 14:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
    [2009/10/08 14:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\VIRGIN BROADBAND
    [2011/03/21 17:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\WinAce
    [2011/06/24 09:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2012/05/10 09:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/06/24 09:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2012/01/11 17:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2012/02/24 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare
    [2011/03/21 18:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Zero G Registry

    < %appdata%\*.* >
    [2012/07/23 09:23:12 | 000,000,000 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\bitlord_log.txt
    [2010/07/18 17:52:13 | 000,038,445 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2012/05/03 15:16:26 | 000,012,979 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
    [2010/07/22 17:02:50 | 000,000,036 | -H-- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\swk.ini

    < MD5 for: AFD.SYS >
    [2011/04/25 12:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
    [2010/11/20 18:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
    [2011/04/25 12:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
    [2011/04/25 12:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
    [2011/04/25 12:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
     
  11. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    OTL.txt CONTINUED

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:ECF54A0E
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  12. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    EXTRAS.TXT
    OTL Extras logfile created on: 30/07/2012 7:45:59 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stuart Wilson\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
    6.00 Gb Paging File | 5.03 Gb Available in Paging File | 83.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 372.51 Gb Total Space | 123.71 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
    Drive H: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: STUARTWILSON-PC | User Name: Stuart Wilson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}" = Leadbetter Interactive
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21827590-5E66-424F-90AE-CF7BA2996509}" = MYOB ClientConnect Quote
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
    "{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
    "{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
    "{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
    "{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.20" = NavDesk 7.20
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PROPHETSQL)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "BitLord" = BitLord 2.1
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
    "FLV Player2.0.25" = FLV Player
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "InstallShield_{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}" = Leadbetter Interactive
    "InstallShield_{21827590-5E66-424F-90AE-CF7BA2996509}" = MYOB ClientConnect Quote
    "InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
    "InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
    "InstallShield_{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19
    "InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "RegistryCleanerFree" = Registry Cleaner Free
    "Shop for HP Supplies" = Shop for HP Supplies
    "The Marketing Game! - student software" = The Marketing Game! - student software
    "VIRGIN BROADBAND" = VIRGIN BROADBAND
    "WinAce Archiver" = WinAce Archiver
    "Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.1.1)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{6641FD7C-4F8D-456F-B352-E9BECF5102AF}" = MYOB ClientConnect
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 21/06/2012 11:19:01 PM | Computer Name = StuartWilson-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a6c Start
    Time: 01cd5010a9eb0324 Termination Time: 187 Application Path: C:\Program Files\Mozilla
    Firefox\firefox.exe Report Id: fffc62c9-bc18-11e1-be19-0014850e954e

    Error - 26/06/2012 9:06:59 PM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time
    stamp: 0x4b58fdfa Faulting module name: pstprx32.dll, version: 14.0.4734.1000, time
    stamp: 0x4b582007 Exception code: 0xc0000094 Fault offset: 0x00013755 Faulting process
    id: 0x12b0 Faulting application start time: 0x01cd53f879d656b1 Faulting application
    path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:
    c:\progra~1\micros~2\office14\pstprx32.dll Report Id: 64af2643-bff4-11e1-a873-0014850e954e

    Error - 3/07/2012 12:21:59 AM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
    time stamp: 0x4d6727a7 Faulting module name: pnidui.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7b99d Exception code: 0xc0000005 Fault offset: 0x00015c98 Faulting
    process id: 0xb9c Faulting application start time: 0x01cd58a83364e761 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\pnidui.dll
    Report
    Id: a1169c44-c4c6-11e1-82af-0014850e954e

    Error - 11/07/2012 1:35:30 AM | Computer Name = StuartWilson-PC | Source = Application Hang | ID = 1002
    Description = The program WINWORD.EXE version 14.0.4734.1000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 15a8 Start
    Time: 01cd5f268d65f39f Termination Time: 19 Application Path: C:\Program Files\Microsoft
    Office\Office14\WINWORD.EXE Report Id: 233ea0c0-cb1a-11e1-a266-0014850e954e

    Error - 11/07/2012 11:04:02 PM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time
    stamp: 0x49dd90d9 Faulting module name: ole32.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc24 Faulting process
    id: 0xfe4 Faulting application start time: 0x01cd5fbd6464c804 Faulting application
    path: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Faulting module path:
    C:\Windows\system32\ole32.dll Report Id: 3af10286-cbce-11e1-815e-0014850e954e

    Error - 13/07/2012 1:09:45 AM | Computer Name = StuartWilson-PC | Source = VSS | ID = 8194
    Description =

    Error - 18/07/2012 9:02:13 PM | Computer Name = StuartWilson-PC | Source = VSS | ID = 8194
    Description =

    Error - 23/07/2012 1:14:20 AM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: InstallFlashPlayer.exe, version: 11.0.1.152,
    time stamp: 0x4e7d1453 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x001de998 Faulting process id:
    0x1194 Faulting application start time: 0x01cd6891ffe3d545 Faulting application path:
    C:\Users\STUART~1\AppData\Local\Temp\InstallFlashPlayer.exe Faulting module path:
    unknown Report Id: 4185ceaf-d485-11e1-8b33-0014850e954e

    Error - 23/07/2012 7:27:37 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 23/07/2012 8:08:44 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    [ Media Center Events ]
    Error - 13/05/2011 9:51:39 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 11:51:38 AM - Error connecting to the internet. 11:51:38 AM - Unable
    to contact server..

    Error - 13/05/2011 9:51:53 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 11:51:44 AM - Error connecting to the internet. 11:51:44 AM - Unable
    to contact server..

    Error - 13/05/2011 10:53:06 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 12:53:04 PM - Error connecting to the internet. 12:53:04 PM - Unable
    to contact server..

    Error - 13/05/2011 10:53:31 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 12:53:11 PM - Error connecting to the internet. 12:53:11 PM - Unable
    to contact server..

    Error - 13/05/2011 11:53:43 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 1:53:42 PM - Error connecting to the internet. 1:53:42 PM - Unable
    to contact server..

    Error - 13/05/2011 11:53:52 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 1:53:48 PM - Error connecting to the internet. 1:53:48 PM - Unable
    to contact server..

    Error - 14/05/2011 12:53:56 AM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 2:53:56 PM - Error connecting to the internet. 2:53:56 PM - Unable
    to contact server..

    Error - 14/05/2011 12:54:02 AM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 2:54:01 PM - Error connecting to the internet. 2:54:01 PM - Unable
    to contact server..

    Error - 14/05/2011 9:27:48 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 11:27:48 AM - Error connecting to the internet. 11:27:48 AM - Unable
    to contact server..

    Error - 14/05/2011 9:27:57 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
    Description = 11:27:53 AM - Error connecting to the internet. 11:27:53 AM - Unable
    to contact server..

    [ System Events ]
    Error - 29/07/2012 8:20:15 PM | Computer Name = StuartWilson-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.513.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 29/07/2012 8:33:51 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 29/07/2012 9:21:34 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.

    Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.

    Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.

    Error - 30/07/2012 5:43:24 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.

    Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.

    Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = A fatal hardware error has occurred. Reported by component: Processor
    Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
    contains further information.


    < End of report >
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Not quite almost done. :p

    P2P & other unrecommended software

    I see you are running a P2P application. I suggest reading the following, and then deciding whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm


    Registry cleaners are extremely powerful programs, which can greatly harm your OS, versus giving a little performance boost.

    There are too many Registry cleaners, and each vendor has a different set of classifications of what is a bad entry. For those not familiar with the Registry, save your Operating System, and do not use Registry cleaners.

    Further reading: XP Fixes Myth #1: Registry Cleaners

    Remove unrecommended/rogue programs

    Please remove the following programs, by going to Start > Control Panel > Programs.

    These programs have been reported to be either rogue, or unrecommended.

    • BitLord & BitLord 2
    • Registry Mechanic
    • RegistryCleanerFree
    • Zero G Registry
    OTL Fix
    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
      O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

      :commands
      [emptytemp]
      [reboot]
    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  14. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    OTL LOG
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Stuart Wilson
    ->Temp folder emptied: 2204183 bytes
    ->Temporary Internet Files folder emptied: 24778978 bytes
    ->Java cache emptied: 431547 bytes
    ->FireFox cache emptied: 67647315 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 43829 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20934 bytes
    RecycleBin emptied: 11853272 bytes

    Total Files Cleaned = 102.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07312012_163242

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm any more prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
     
  16. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Thanks very much! I deleted all the programs you recommended.

    Scanning Report

    Tuesday, July 31, 2012 21:54:16 - 22:31:35

    Computer name: STUARTWILSON-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\
    9 malware found

    Suspicious:W32/Malware!Gemini(virus)
    • C:\USERS\STUART WILSON\DOCUMENTS\DOWNLOADS\SETUPPOKER_3ECF0C.EXE (Not cleaned & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DOCUMENTS\DOWNLOADS\SETUPPOKER_68E0.EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_549A_EN.EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_549A_EN (1).EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_30CE_EN.EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_30CE_EN.EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_68E0.EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_30CE_EN (1).EXE (Renamed & Submitted)
    Trojan.Generic.4864316(virus)
    • C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\OLD_CACHE_001\F_0007FE (Renamed & Submitted)
    Statistics

    Scanned:
    • Files: 87900
    • System: 4513
    • Not scanned: 589
    Actions:
    • Disinfected: 0
    • Renamed: 8
    • Deleted: 0
    • Not cleaned: 1
    • Submitted: 9
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    • C:\WINDOWS\CSC\V2.0.6\PQ
    • C:\WINDOWS\CSC\V2.0.6\TEMP\EA-{6DE36F91-B3A4-11DE-B4BE-B46EB408070B}
    • C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\~DF282DB488BAB1355E.TMP
    • C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\~DF8028E42A76D3D4C6.TMP
    • C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\HSPERFDATA_STUART WILSON\5620
    • C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\HSPERFDATA_STUART WILSON\968
    • C:\QOOBOX\BACKENV\SETPATH.BAT
    • C:\QOOBOX\BACKENV\VIKPEV00
     
  17. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4F637F624FBA24548B85E38D20E0EC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F7E804E2C52AC19AC5319F3AD3B0ECD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FEF43F914D1E1886E68DAB0FADF8A74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E48393D82F380FB60E35E3BE53B3313_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71351D0D18BD738825B2F8C01B127480_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71A352A09ADF9ED1D5ABD69078BF6C25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7206B1A7B2D155258102B4E87C7B25AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\722EEC80E918DF9E533EDB6B0D82D85A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\725F9CE62E434E74CDAB4158278A7784_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70D0DCC2536937AF7E24941B08FB7DF5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72AB36C15C7489C578DA1643C762AF51_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7262EAD119B2CE12BF8CB2A9D8650A03_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73F18FDD396BF1D3DA2052FFE10BCBEA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\739844BC399FFC40B4878052339BD930_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F58856A08955DFA9F0C1AE30F189EAA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7501FB4116983F3C552D8377AC874E14_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\748C2BB3ADCBB1946B840E87EBFD91DC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74061C1883E116DA53B945EAE30B358A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\775F500262241EC4816BBB9FDF2E8BE3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\764D9AA85CA6B229EF5D0E7C138792E2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\781BA3269C01E03C2D52FB45D423413C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77CE1AD3580574D83ED6859D48014E6D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7504DAF76AA85B40E1856F33DEBE5502_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78F8C8A8B9CD4C256EE5F7A11D30A6D8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A7370C910562EAC518EADF2A993F3B6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B7752DAB3D59BCE59A7329182B4EB49_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C5CBD1B67F3E2AF28FD9672A7EE29CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E5F1ABB4F066B80CC38FF9FC6A05E63_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7883C4AEAEFF6966AEE95E26CB3D9F7D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FA8A4CF683FCCC28294A20149B557C3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FFC8731294219D5D9FFCFA32594B6BE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\822BAD4CA627B23A8F3B6BCB4F7A80F0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82405DD64F6AD67989B070FF459755E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82C2811DD571969477F39F55F2BD3E5D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82CABB7950EE6D19F00E8F90A3CEEC97_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8345958933A27DC9A4B7A85438AFB1EB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F1361186175AF727E630E430F3F5C55_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83D25CD4FB06BDEFCA723E7339578B9F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83CF6C85F9BE624B33394834091B4669_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\784038FC467F34DD454466E73A7CBA3C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84203D6EB4A7CEC801F903B0057DF25C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87FCDDED6F866895FC55392FA55EE857_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8805F70F6217ACEBDD66802CFD979C54_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8594AF5200A4B83EA916E7C96A90BE46_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88AE1EE08F1C939DA7AE630812ACFE42_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88EA79E42C7008E92B8729A85CB55EF6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89F5F8ED84F48B69EB92145D25C06858_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A337C21CC7E4298159D6475F5F05778_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8789DADDB86379AD7BE03E90E6C89AB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8813DBE9682BF2B981D4D5327206D19F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A5C649A7915961FBE118C476922BB01_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A93702D0EA33C1D9C03E87B1F6D7643_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B8EFE07CC6D55B19E021F1262C888A7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B8D7CDD33E28BD40BEF533BA63FA5CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C390D0DB03027F53DE776C93D0049FA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C6AB43711174CAFFFA4D23D350AFE2C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C882F81685940E2946CA32B05C3F06F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E55369C5CEDB4AEB7EBC04D7E141101_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DFDE79218AD8A5DA019B3E6E38DFE4F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CA4C6186BA496E078A29192A925075A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E7B00C4D77EE34F0BF3CB74F02C7AF4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F4C386D4ABAB1C506C792C9ACDB157A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F4E2546D6390DD9AF7AE9B4D110AA0D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F6CFB407D5B138A63C9C539B5A4D25E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9173437B69F09DC3317005CDB78993AC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93DDF296835DAC0FF7B4F69F6F9EC481_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92EAC2F3160714DEFF3FC7DB80EB3DC0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9480A98C03052701DE0BFFAFD541959C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92EDF3AFD6230A72DC7C0ECF97B3D734_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9509E5556407911F458D70FFE74C182C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\949DE074D00A0BD44D5D9B9A9749E6F7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\973EA345CF1CB2E1AC63422D7BDA5F92_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9598BAAC186C6AE9CE49B4AD2CEF49E3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93F83A5A4BD4B3BE61D543D662AD1F69_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\977FC5B46D57A872F9114CFDD8240FCA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A1BF19E797735BA70BEA4A8A6F9BCD6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AA6BB1BC96B15145C03F5C149CEA819_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A6F1D870D72F105A28F8AF59B5706BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CAC27C6E8539D72057CF45879A4827B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CEA41C71D682215291CD356F6025825_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E0C9B89F6E6B3526F2C4AD0ADC8F36F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E7C631E0E4AA7A371FB61D5DBE3A402_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A67FDA726775EC44205F967E342079A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B212E1F0061C2BA61A6D3ABB5826F71_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F47934E06493B0CD6FD25EF76E41A2C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A032BF0D01E7A44F399E2BE0983EF681_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A101CAA1F217F68D585A28564586E73F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0C4C1E5FE2DAC930819E91756C79368_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A28488DA07A4D5DCF18B5A17578CC23F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A212CF84329AFD79C302D4DDC20CA9FE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3A1BDC908ADBC07C538186A458DED9E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3E7021E8E910909EB284E7D00E947D9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A067767BF197875F257A242ECBB5F4AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A49D92A2A8961F0BAB64E63DE0CB9185_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4A6A27D64E4D5ECEA8BEFC916D056B0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A31AD1CCEF9D97C1364B24313096DA0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A525AF55E3A2255408938446DD721BD9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A534E942992FA3C7529164F8385DDA81_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5464598F17E396FAB3044FA655CFE5A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4A271746B21C1C50BA2F1772CC2EAF2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5414A6258ACCDD88D542C4A8E0DF812_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5AD19ED9A1379EE1987FDDD6A88863E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5EA0FB3A4F181614872ABDF44B83744_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A54A8D08087BFE97AF3132436F7ACF53_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5B018C45BE8FD47A50FF8D7ECDFD071_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A75218121561393A13ACCAC2B0155273_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A763C0CB278569884BCC769656B82787_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8B5EF273629BFB3B88E0ABE1B44FDDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7CC36316E2452A12D05E4E43A80172F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A985B83BD534F08AF7127AEB13FD8F85_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A96743DB73613FFF61B071B65BA25F27_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA2F10AA4F591E1EE07C7907AEF54C81_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB3D1547679DE81CE863AF4DC4624DDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9CBA4D60693DB671D2F74EBF93836B7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB70E1163F5EEB65C5B93761C5377FB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB0A6EBE16661D58AEAF15CABCE7B21C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC75B3A63F54DBF260BDDB5574E38DFD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE207BCF50591B1671B0F64FF557BF5A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC9880DF307A131B3AA90F7799B99470_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC3F4B0FADECE2702A69E22640475AB4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE940B6B5EFBE447DF6377C795DE89C2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEE6895265A4424E342B0C7517E1690D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE8DAB09CEEC18C3B75D09D85FF3E3F8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF9F97B7BFEC919B8F9E3599382AD468_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFB8E037EB3871577153DF908B30BD48_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEE6D99C5B9339F0D68882C87D21089B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B029DEB18AC0F6DD024A4A1239D627E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0AA59A3B04BEF976F01E60085981A76_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0006D5666ED4A8903B698516A2CED4F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0F5C41D2A0723D72346BA88D1EE1F1A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B25EDB5DEFCFB02214AFF2BF023FBEE1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1816FD896810A193B4F39A7D408DDA5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B15C0DC3A79EC46601D9749A0B94A82A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3386E8B1292084360A92BC269D62CAF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B391DFE97CF793B7F2EF46F0476EA40D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B395EF1CFE0657DCAB64E6E00AB3C91D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B480D04D7656628C7BEF76B49AE9AA92_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B49BE70CF0EFB20E301CD946A1814870_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5DCE0BE48C02399A3C8252D3C92388A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5FAC944994AF235FDB2BDA30144F89B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5FED14190D5BADC286012F1218F2190_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6A0FBD02849E14FA96D892985ED2678_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6C03DA663D569137AAEB588FD957F6E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B52BC2AF0B63E22B7F671EA55CB355F1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8904C32175C5F732AD09B44E038C305_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4F209CED155BBDC9F7381D826D7E7F9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA0D588C419084C74B4953C78A5CBC71_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9EC8D14F87AB8763328D1054B3DA7F9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB00FE4E899EAE922D61F772576C557F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB76BF6495E2B5B67435BFD58D71E5B5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB7CD306EED0E6367FD5A9F6E480165C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC7A683696477D41677A1420F4F52F23_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA0A22F764E71E0171C01B843C8293C9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAE85F02E5BED512BD09E93A4A807446_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCFB34120EBFD767CA4B38F13A9C28B3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCF055B274D28AB950BDF80EBF186D33_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD81A9608ED379D1524845D43A68D983_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEAA257FF80AB8B59EE3129E37E34D8D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCAFA7A511F53B9F242B01C5DA2DC963_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD4D6907307C388A156AC5375F708ED8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF3591C3510A9274D8850ACAECCB2E97_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF84F03F6F5760BDD991D2E849AF8525_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFA6B57A731DF7EEA1F075FFA246655F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2132BEFC35DB260D4AED41FD4BE90BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2792A4218B13083AAD572CD672C326E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2843C7300944A904372E8A85B8A0C25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2F1BDAD229378A0B3D8165A0DCA63C7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1022827FF3AF99C159C74C043265D33_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3C851D3D9BA7F11467293E39355D4B4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C15E5DADC13CE35379F58AC99732A50F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C44E23D2726F335FEE51091D88BE62E4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3441611C80F91826CE52951465D46D1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C53D017C8D685EF4E1836BC09C4137CE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C630286AA3AB846998A8393FA3D4E6F3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4B74B3798283121CB891ABEDF684A74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7FFF84A5E72247FBAA6EB1B8BB22FBE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7AC5B280EBA2B22BE5BD07497A61578_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6D8FBCC257DD6E0BC5F74C5D2150221_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C851E8508C1DB70DC925E2F669B41D87_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C835A4074192FB078F3CCA7D88E58A77_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91439AE5A6FB87FF73E81A9383B91D7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4DD7062790A537E3D53FB86601EBA65_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91D3A423AE741FA0F1C71A5AA92A8FB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8824A5CFA6AB1598E8B18C0835006A0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA530A6488438C86618B5CF2A2AAA260_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9694AB9B2D5637F699721F4F26EFD6A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB01ACE359FE5B700DA2731E298BFBF6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA8AE33A20DFB364613C896E85813941_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA6AD84C8ECA14516C2819B06CA675E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB6C0D59A7C43049C34AEF3545B6175B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CBE80523BBCD8F556D7C8EC252728527_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD92BB89D71C8E89CD07F43F72A3A81E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD9B92FD1D7444D9D1A8CFFDD391AF8F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDFBC071A66583C336EB9AE3031CC1B3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD0CB5A0977EF29BF1E18CC2D04C2D4E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE1D840D3C4459A343173D67FB8E1C38_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC229149BFEB428836D46BC271E55904_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF6156F9D5E9A7272644A3097D03D51F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE473B16AE1DC19DF11A8B8F07E26F08_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D10B9F194B54AE62900FF49003FF909A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D16D0B5A95A3C6529D7488E1686E2730_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D16266FE77849650CD82F0672C42769F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03BA7D88083D76379667316F79C1A4E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2600ED935B72178C35B2F5D6EF70889_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3DF236E1807003E3378131BB9AF6CDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D209BE7F307A5F0CE821C1FFF5FE6FB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D314C205ED63D0489AC3BBDE127F940E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D502D750E99A79E5CFC93429BE9FC665_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D65644ABA58FD256466AD446FFD45A2F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D660A5C0E9D902EBF7CDEEC0B3ED5A4B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D584BDCFA226130558E79A14738779D3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6540D6D8F0AEDD6495AF48FC9AEC3C8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6800DD988939B92A29871FBFCE821FC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7823B1919BFBFE32C79C0B8E8647C0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D68572C69A369955302B8C24EFB4398E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D8CD6E3172856B8A3E5937739683165D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA818EDE08662C1EE2976148B0F8E782_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D790EB36A80533BA07941B541E99F497_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DAF15D90A02F2E3445F8FCDD63826831_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D95ED52C8A2E20182894783B4733552C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC444B848AC55F1A744F1F9E98999E4C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB7EF68CF4428A4A98A7A40DECE073BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB7281C33C1D2FA2FA227199C08CC9F2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD97A4BBB04C91D15C6378A3907BCDAF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DDB5971F1D16068C470C84C2921FA945_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
    Options

    Scanning engines: Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
    • Use advanced heuristics
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Excellent!

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  19. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    ComboFix 12-07-31.03 - Stuart Wilson 02/08/2012 14:26:51.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3072.2129 [GMT 10:00]
    Running from: c:\users\Stuart Wilson\Desktop\ComboFix.exe
    Command switches used :: c:\users\Stuart Wilson\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    .
    Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 05:01 . 2012-08-02 05:01 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\MpKslfa0bfde9.sys
    2012-08-02 04:35 . 2012-08-02 05:01 -------- d-----w- c:\users\Stuart Wilson\AppData\Local\temp
    2012-08-02 04:35 . 2012-08-02 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-31 11:54 . 2012-07-31 11:54 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\f-secure
    2012-07-31 11:54 . 2012-07-31 11:54 -------- d-----w- c:\programdata\F-Secure
    2012-07-31 06:43 . 2012-07-31 06:43 -------- d-----w- c:\program files\ESET
    2012-07-31 06:32 . 2012-07-31 06:32 -------- d-----w- C:\_OTL
    2012-07-30 00:20 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\mpengine.dll
    2012-07-26 23:49 . 2012-07-26 23:49 -------- d-----w- C:\FRST
    2012-07-26 10:47 . 2012-07-26 14:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2012-07-23 22:44 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-23 22:41 . 2012-07-23 22:41 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-23 05:35 . 2012-07-23 05:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-22 22:14 . 2012-07-23 04:33 -------- d-----w- C:\Poker
    2012-07-13 05:24 . 2012-07-13 05:24 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\Python-Eggs
    2012-07-13 05:24 . 2012-07-22 23:39 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\BitLord
    2012-07-13 05:11 . 2012-07-13 05:11 -------- d-----w- c:\programdata\Ralink
    2012-07-13 05:10 . 2011-11-28 10:21 8192 ----a-w- c:\windows\system32\drivers\rt2870.bin
    2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\program files\Cisco
    2012-07-13 05:10 . 2011-05-04 03:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-07-13 05:10 . 2011-05-04 03:54 802880 ----a-w- c:\windows\system32\RaIHV.dll
    2012-07-13 05:10 . 2010-07-01 07:45 119648 ----a-w- c:\windows\system32\RaExtUI.dll
    2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\programdata\NETGEAR
    2012-07-12 06:24 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 03:46 . 2010-08-06 09:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-22 00:03 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 00:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 00:03 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 00:03 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 00:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 00:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 00:03 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-22 00:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12 . 2012-06-22 00:03 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-21 01:01 . 2011-07-15 01:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2009-04-13 604704]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-20 1406976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-13 4577760]
    NETGEAR WNDA4100 Genie.lnk - c:\program files\NETGEAR\WNDA4100\WNDA4100.EXE [2012-1-3 5001472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk]
    backup=c:\windows\pss\TitanCalculator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-05 14:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-10-08 04:32 133104 ----atw- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-07-03 03:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
    2010-04-16 21:36 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 03:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
    2010-07-06 19:32 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [x]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 MpKslfa0bfde9;MpKslfa0bfde9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\MpKslfa0bfde9.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
    S2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLFA0BFDE9
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
    - c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
    - c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$PROPHETSQL]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:pROPHETSQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-988588282-1707717258-2563674901-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F07CEBA-9A0E-3AD7-0BE7-83239DC860F6}*]
    "hagheagpkmhmcmkj"=hex:6b,61,6c,6d,66,6c,64,69,64,63,61,6d,6d,63,6a,62,6b,6c,
    70,70,61,63,00,00
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NETGEAR\WNDA4100\Service\RaRegistry.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 15:04:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 05:04
    ComboFix2.txt 2012-07-30 00:22
    .
    Pre-Run: 198,493,396,992 bytes free
    Post-Run: 198,356,041,728 bytes free
    .
    - - End Of File - - FE11F184AE01850462E659418D2E69D6
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  21. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Sorry about the late reply, been working late. Here is the report for the latest scan:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=1eeff7b3bf88cd4f912a399cad58e6eb
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-07-31 11:33:53
    # local_time=2012-07-31 09:33:53 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 34863539 95366759 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=86868
    # found=0
    # cleaned=0
    # scan_time=2465
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=1eeff7b3bf88cd4f912a399cad58e6eb
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-08-04 05:43:47
    # local_time=2012-08-04 03:43:47 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 35177319 95680539 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=174099
    # found=0
    # cleaned=0
    # scan_time=13279
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  23. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Hi, sorry for the delay, I have been working late nights.
    I ran everything you said to and it all appears to be working well. Here is the latest report:

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 6 Update 32
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.0.1.152
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Update Java

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
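
The Security Check log in reply 23 shows why the old versions have to be removed by hand: Flash Player 10 still sits beside 11.0.1.152, and the Java flag is printed on its own line. The following is an added example, not part of the thread and not screen317's code, that parses the utilities section of such a log and reports both conditions. It assumes that a version-less "out of Date!" line refers to the entry just above it and that the first numeric token on a line is the version.

```python
import re
from collections import defaultdict

TICKS = "`" * 9  # Security Check frames each section title in backticks
# Constructed sample: the relevant lines of the log posted in reply 23.
SAMPLE_LOG = "\n".join([
    TICKS + "Antivirus/Firewall Check:" + TICKS,
    "Antivirus up to date!",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "CCleaner",
    "Java(TM) 6 Update 32",
    "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Flash Player 11.0.1.152",
    "Adobe Reader X (10.1.3)",
    "Google Chrome 20.0.1132.57",
    "Google Chrome 21.0.1180.60",
    TICKS + "Process Check: objlist.exe by Laurent" + TICKS,
    "Microsoft Security Essentials MSMpEng.exe",
])
SECTION = re.compile(r"^`+(.*?)`+$")
ENTRY = re.compile(r"^(.*?)(?:\s+version)?\s+\(?(\d[\d.]*)")
OUTDATED = re.compile(r"out of date", re.IGNORECASE)

def parse_utilities(log):
    """Return one dict per product in the utilities section."""
    entries, in_section = [], False
    for line in map(str.strip, log.splitlines()):
        header = SECTION.match(line)
        if header:
            in_section = header.group(1).startswith("Anti-malware/Other Utilities")
            continue
        if not in_section or not line:
            continue
        flagged = bool(OUTDATED.search(line))
        m = ENTRY.match(line)
        if m:  # "<product> <version>", possibly with the flag on the same line
            entries.append({"name": m.group(1), "version": m.group(2), "outdated": flagged})
        elif flagged and entries:  # assumption: a lone flag line refers to the previous entry
            entries[-1]["outdated"] = True
        elif not flagged:  # product listed without a version
            entries.append({"name": line, "version": None, "outdated": False})
    return entries

def review(entries):
    """Names flagged out of date, and names installed in more than one version."""
    versions = defaultdict(list)
    for e in entries:
        if e["version"]:
            versions[e["name"]].append(e["version"])
    outdated = sorted(e["name"] for e in entries if e["outdated"])
    return outdated, {n: v for n, v in versions.items() if len(v) > 1}

if __name__ == "__main__":
    print(review(parse_utilities(SAMPLE_LOG)))
```

Run against a checkup.txt taken after the cleanup, an empty result for both values confirms that the outdated copies are gone.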
     
  25. Stui Wilson

    Stui Wilson TS Rookie Topic Starter

    Thanks very much, updated and everything seems to be running well. Thanks very much!
     
Topic Status:
Not open for further replies.
