Solved Sirefef/1 minute reboot

Stui Wilson · Jul 26, 2012

Hi There,
Seems as though I have the same problem as everyone else. Would love some help. Please find below my logs. Thanks

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 15:49:23
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-20] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1298320 2011-04-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-12] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-14] (PC Tools)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1406976 2011-12-20] (Wondershare)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [RMAlert] "C:\Program Files\Registry Mechanic\Alert.exe" /PRODUCT=RM /R [1016792 2010-09-15] (PC Tool)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [973488 2012-07-02] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-25] (Microsoft Corporation)
HKU\Stuart Wilson\...\Run: [Google Update] "C:\Users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-10-07] (Google Inc.)
HKU\Stuart Wilson\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-25] (Microsoft Corporation)
2 MSSQL$PROPHETSQL; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPROPHETSQL [29293408 2010-12-09] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-25] (Microsoft Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-27] (PC Tools)
2 RalinkRegistryWriter; "C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe" [377088 2011-11-20] (Ralink Technology, Corp.)
2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo)
2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-25] ()
2 msftesql$PROPHETSQL; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f

ROPHETSQL [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-05] (Broadcom Corporation)
3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-18] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-02] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-09] (Apple Inc.)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1277504 2012-01-12] (Ralink Technology Corp.)
3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-02] (CACE Technologies, Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-12] (Microsoft Corporation)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
4 RelevantKnowledge; [x]
3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-26 15:49 - 2012-07-26 15:49 - 00000000 ____D C:\FRST
2012-07-26 02:47 - 2012-07-26 06:54 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-07-25 21:01 - 2012-07-25 21:01 - 00000000 ____D C:\Users\Stuart Wilson\Downloads\NETGEAR
2012-07-23 14:41 - 2012-07-23 14:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-23 14:39 - 2012-07-23 14:39 - 10288512 ____A (Microsoft Corporation) C:\Users\Stuart Wilson\Downloads\mseinstall.exe
2012-07-22 22:50 - 2012-07-22 22:50 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Stuart Wilson\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-22 22:50 - 2012-07-22 22:50 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-22 21:35 - 2012-07-22 21:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-22 14:14 - 2012-07-22 20:33 - 00000000 ____D C:\Poker
2012-07-20 03:53 - 2012-07-13 12:44 - 366967146 ____A C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
2012-07-18 15:52 - 2012-07-18 15:52 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-12 21:24 - 2012-07-22 15:39 - 00000000 ____D C:\Users\Stuart Wilson\AppData\Roaming\BitLord
2012-07-12 21:24 - 2012-07-12 21:24 - 00000000 ____D C:\Users\Stuart Wilson\AppData\Roaming\Python-Eggs
2012-07-12 21:23 - 2012-07-12 21:23 - 00001969 ____A C:\Users\Stuart Wilson\Desktop\BitLord.lnk
2012-07-12 21:23 - 2012-07-12 21:23 - 00000000 ____D C:\Users\Stuart Wilson\Documents\BitLord
2012-07-12 21:22 - 2012-07-12 21:23 - 00000000 ____D C:\Program Files\BitLord 2
2012-07-12 21:19 - 2012-07-12 21:21 - 26143715 ____A C:\Users\Stuart Wilson\Downloads\BitLord 2.1.1 Installer.exe
2012-07-12 21:11 - 2012-07-12 21:11 - 00002025 ____A C:\Windows\System32\RaCoInst.log
2012-07-12 21:11 - 2012-07-12 21:11 - 00000000 ____D C:\Users\All Users\Ralink
2012-07-12 21:10 - 2012-07-12 21:10 - 00002025 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2012-07-12 21:10 - 2012-07-12 21:10 - 00000000 ____D C:\Users\All Users\NETGEAR
2012-07-12 21:10 - 2012-07-12 21:10 - 00000000 ____D C:\Program Files\Cisco
2012-07-12 21:10 - 2011-11-28 02:21 - 00008192 ____A C:\Windows\System32\Drivers\rt2870.bin
2012-07-12 21:10 - 2011-05-03 19:56 - 01608768 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2012-07-12 21:10 - 2011-05-03 19:54 - 00802880 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaIHV.dll
2012-07-12 21:10 - 2010-06-30 23:45 - 00119648 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaExtUI.dll
2012-07-11 22:27 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 22:27 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 22:27 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 22:27 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 22:27 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 22:27 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 22:27 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 22:27 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 22:27 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 22:27 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 22:27 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 22:27 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 22:27 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 22:27 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 22:24 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 21:04 - 2012-07-11 21:44 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\Outlook Files
2012-07-11 15:40 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 15:40 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 15:40 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 15:40 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 15:40 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 15:40 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 15:40 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 15:40 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 15:40 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 15:39 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:37 - 2012-07-10 20:44 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\New folder (2)
2012-07-02 20:14 - 2012-07-02 21:08 - 00000000 ____D C:\Users\Stuart Wilson\Desktop\New folder

============ 3 Months Modified Files ========================

2012-07-26 06:54 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-25 21:11 - 2010-09-04 21:38 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-25 21:11 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-25 21:10 - 2009-07-13 20:39 - 00106109 ____A C:\Windows\setupact.log
2012-07-23 16:14 - 2009-10-07 20:32 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
2012-07-23 15:54 - 2010-09-04 21:38 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 14:49 - 2009-10-07 19:27 - 00039328 ____A C:\Windows\PFRO.log
2012-07-23 14:42 - 2009-10-07 16:52 - 01377174 ____A C:\Windows\WindowsUpdate.log
2012-07-23 14:41 - 2011-02-07 12:37 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-23 14:41 - 2009-10-07 17:01 - 00861310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 14:39 - 2012-07-23 14:39 - 10288512 ____A (Microsoft Corporation) C:\Users\Stuart Wilson\Downloads\mseinstall.exe
2012-07-23 14:37 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 14:37 - 2009-07-13 20:34 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 14:14 - 2009-10-07 20:32 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
2012-07-22 22:50 - 2012-07-22 22:50 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Stuart Wilson\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-22 22:50 - 2012-07-22 22:50 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 16:58 - 2010-03-22 23:50 - 00002152 ____A C:\Users\All Users\hpzinstall.log
2012-07-18 15:52 - 2012-07-18 15:52 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-14 14:01 - 2009-07-13 20:53 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-14 12:35 - 2011-06-29 20:49 - 00000270 ____A C:\Windows\Tasks\RMSchedule.job
2012-07-13 12:44 - 2012-07-20 03:53 - 366967146 ____A C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
2012-07-12 21:23 - 2012-07-12 21:23 - 00001969 ____A C:\Users\Stuart Wilson\Desktop\BitLord.lnk
2012-07-12 21:21 - 2012-07-12 21:19 - 26143715 ____A C:\Users\Stuart Wilson\Downloads\BitLord 2.1.1 Installer.exe
2012-07-12 21:11 - 2012-07-12 21:11 - 00002025 ____A C:\Windows\System32\RaCoInst.log
2012-07-12 21:10 - 2012-07-12 21:10 - 00002025 ____A C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2012-07-12 12:54 - 2009-07-13 20:33 - 00411248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 22:24 - 2009-10-13 12:12 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 17:22 - 2010-05-20 02:51 - 00000204 ____A C:\Windows\MYOBP.INI
2012-07-08 17:22 - 2010-05-20 02:51 - 00000043 ____A C:\Windows\MYOB.INI
2012-07-02 19:46 - 2010-08-06 01:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 21:30 - 2012-05-09 16:20 - 00973824 ____A C:\Users\Stuart Wilson\Desktop\Elegance Oven Cleaning - Reminder List.xls
2012-06-25 17:27 - 2012-06-25 16:21 - 00000022 ____A C:\Users\Stuart Wilson\Downloads\Macquarie University Doctor of Physiotherapy - Anatomy resources.zip
2012-06-11 18:40 - 2012-07-11 22:24 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-11 15:39 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-11 15:40 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 15:40 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 15:40 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 16:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 16:03 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 16:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 16:03 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 01:07 - 2012-07-11 22:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 22:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 22:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 22:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 22:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 22:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 22:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 22:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 22:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 22:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 22:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 22:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 22:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 22:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 21:19 - 2012-06-21 16:03 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:12 - 2012-06-21 16:03 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-11 15:40 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 15:40 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 15:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 15:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 15:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-30 17:30 - 2012-05-30 17:30 - 02288188 ____A C:\Users\Stuart Wilson\Downloads\URGENT_-_Evaluation.zip
2012-05-23 22:50 - 2012-05-23 22:50 - 00416240 ____A C:\Users\Stuart Wilson\Downloads\Attachments_2012_05_24.zip
2012-05-23 16:59 - 2012-05-23 16:58 - 03016438 ____A C:\Users\Stuart Wilson\Downloads\2008
2012-05-17 15:23 - 2011-06-30 01:27 - 00003072 ____A C:\Windows\System32\Cache.db
2012-05-10 19:14 - 2012-05-10 19:09 - 20032520 ____A (PokerStars) C:\Users\Stuart Wilson\Downloads\PokerStarsInstall.exe
2012-05-10 17:07 - 2012-05-10 17:03 - 00855552 ____A C:\Users\Stuart Wilson\Desktop\Elegance Oven Cleaning - Reminder List 1.xls
2012-05-08 16:12 - 2012-04-30 17:35 - 00894464 ____A C:\Users\Stuart Wilson\Desktop\Oven Cleaning Reminder List.xls
2012-05-06 18:16 - 2012-05-02 16:33 - 00014896 ____A C:\Users\Stuart Wilson\Desktop\Payslip Form.xlsx
2012-05-03 13:43 - 2012-05-03 13:43 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-03 13:43 - 2012-05-03 13:43 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-03 13:43 - 2012-05-03 13:43 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-03 13:43 - 2012-05-03 13:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-03 13:43 - 2012-05-03 13:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-03 13:41 - 2012-05-03 13:40 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Stuart Wilson\Downloads\jxpiinstall.exe
2012-05-02 21:16 - 2012-02-16 11:43 - 00012979 ____A C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
2012-05-02 17:12 - 2012-05-02 17:12 - 00083824 ____A C:\Users\Stuart Wilson\Desktop\Contact List.xlsx
2012-05-01 14:31 - 2011-11-06 12:26 - 00000671 ____A C:\Users\Stuart Wilson\Desktop\Internet.lnk
2012-05-01 04:12 - 2012-05-01 04:12 - 00060039 ____A C:\Users\Stuart Wilson\Documents\Servicem8 Contacts.csv
2012-04-30 23:10 - 2012-01-29 14:08 - 00012374 ____A C:\Users\Stuart Wilson\Documents\Fix Jobs.xlsx
2012-04-30 20:44 - 2012-06-13 20:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 17:26 - 2011-07-25 23:49 - 00000853 ____A C:\Users\Stuart Wilson\Desktop\New Job Sheet.lnk

ZeroAccess:
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\@
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\L
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U\00000001.@

ZeroAccess:
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\@
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\L
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-26 06:54] - 0259072 ____A (Microsoft Corporation) 21835BD18857B8BADD3858DE3B74F76C

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3071.55 MB
Available physical RAM: 2582 MB
Total Pagefile: 3069.83 MB
Available Pagefile: 2591.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:372.51 GB) (Free:118.06 GB) NTFS
4 Drive f: () (Removable) (Total:7.5 GB) (Free:3.88 GB) FAT32
5 Drive g: (Expansion Drive) (Fixed) (Total:1863 GB) (Free:1819.8 GB) exFAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 372 GB 0 B
Disk 1 Online 7695 MB 0 B
Disk 2 Online 1863 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 372 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 372 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7695 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7695 MB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Expansion D exFAT Partition 1863 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 14:52

======================= End Of Log ==========================

SEARCH.TXT

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 15:57:34
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-26 06:54] - 0259072 ____A (Microsoft Corporation) 21835BD18857B8BADD3858DE3B74F76C

=== End Of Search ===

Jay Pfoutz · Jul 26, 2012

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Stui Wilson · Jul 26, 2012

Thanks for helping Jay, so I have restarted it after running the fix and it seems to be stable. Below is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 08:02:46 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{ae85b9a3-73a2-168c-aa32-564690b36f1d} moved successfully.
C:\Users\Stuart Wilson\AppData\Local\{ae85b9a3-73a2-168c-aa32-564690b36f1d} moved successfully.

==== End of Fixlog ====

Jay Pfoutz · Jul 27, 2012

Great! Please run the following:

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Stui Wilson · Jul 27, 2012

Thanks, I have posted reports below - how are things going is it almost healthy?

REPORT 1:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Stuart Wilson [Admin rights]
Mode: Scan -- Date: 07/28/2012 09:50:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD403LJ ATA Device +++++
--- User ---
[MBR] 503750e41cea4b5e8911823d9ce4010f
[BSP] ea0815d951bb8a75bd58fa2d4a74524b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 381451 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

REPORT 2:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Stuart Wilson [Admin rights]
Mode: Remove -- Date: 07/28/2012 09:52:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD403LJ ATA Device +++++
--- User ---
[MBR] 503750e41cea4b5e8911823d9ce4010f
[BSP] ea0815d951bb8a75bd58fa2d4a74524b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 381451 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

REPORT 3:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Stuart Wilson [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/28/2012 09:55:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 54 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 470 / Fail 0
My documents: Success 12 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 1000 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 74 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Jay Pfoutz · Jul 28, 2012

ComboFix

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
It is important to rename ComboFix before the download.
Please do not rename ComboFix to other names, but only the one indicated.

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on svchost.exe & follow the prompts.
It will attempt to install the Recovery Console:

When ComboFix finishes, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Stui Wilson · Jul 29, 2012

ComboFix 12-07-27.03 - Stuart Wilson 29/07/2012 20:04:14.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3072.2089 [GMT 10:00]
Running from: c:\users\Stuart Wilson\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Pe
c:\program files\Pe\AEGAXS.dll
c:\program files\Pe\APData.dll
c:\program files\Pe\App.ico
c:\program files\Pe\BPData.dll
c:\program files\Pe\CNData.dll
c:\program files\Pe\Configs.xml
c:\program files\Pe\Framework.Controls.ProgressBar.dll
c:\program files\Pe\FTData.dll
c:\program files\Pe\HId.dll
c:\program files\Pe\HuD.xml
c:\program files\Pe\HudMoveDLL.dll
c:\program files\Pe\ICSharpCode.SharpZipLib.dll
c:\program files\Pe\iexplore.exe
c:\program files\Pe\iexplore.exe.config
c:\program files\Pe\Interop.VXPLibrary.dll
c:\program files\Pe\Lib\accllistbar.dll
c:\program files\Pe\Lib\AxInterop.SHDocVw.dll
c:\program files\Pe\Lib\Infragistics.Shared.v3.2.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Core.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Data.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Render.v4.1.dll
c:\program files\Pe\Lib\Infragistics.UltraChart.Resources.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.Misc.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinChart.v4.1.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinDock.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinEditors.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinListBar.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinTabControl.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.UltraWinToolbars.v3.2.dll
c:\program files\Pe\Lib\Infragistics.Win.v3.2.dll
c:\program files\Pe\Lib\Interop.SHDocVw.dll
c:\program files\Pe\Lib\MessageBoxExLib.dll
c:\program files\Pe\Lib\pecomm.dll
c:\program files\Pe\Lib\PokerHUD.dll
c:\program files\Pe\Lib\shellstyle.dll
c:\program files\Pe\Lib\xpexplorerbar.dll
c:\program files\Pe\License.txt
c:\program files\Pe\Lobby Edge\ICSharpCode.SharpZipLib.dll
c:\program files\Pe\Lobby Edge\if1.dll
c:\program files\Pe\Lobby Edge\if2.dll
c:\program files\Pe\Lobby Edge\if3.dll
c:\program files\Pe\Lobby Edge\if4.dll
c:\program files\Pe\Lobby Edge\Interop.VXPLibrary.dll
c:\program files\Pe\Lobby Edge\LobbyEdge.exe
c:\program files\Pe\Lobby Edge\LobbyEdge.exe.config
c:\program files\Pe\Lobby Edge\OpenerInterface.dll
c:\program files\Pe\Lobby Edge\rules.ini
c:\program files\Pe\Lobby Edge\SpHeader.dll
c:\program files\Pe\Lobby Edge\tfplugin_interface_library.dll
c:\program files\Pe\Lobby Edge\VXPLib.dll
c:\program files\Pe\Lobby Edge\XPExplorerBar.dll
c:\program files\Pe\log.txt
c:\program files\Pe\MGData.dll
c:\program files\Pe\MNData.dll
c:\program files\Pe\Notes.xml
c:\program files\Pe\NTGA11X.dll
c:\program files\Pe\OGData.dll
c:\program files\Pe\OverlayDll.dll
c:\program files\Pe\PE4Hud.dll
c:\program files\Pe\PE4Hud2.dll
c:\program files\Pe\PNData.dll
c:\program files\Pe\PSData.dll
c:\program files\Pe\Readme.txt
c:\program files\Pe\Settings.xml
c:\program files\Pe\SitePathFinder.dll
c:\program files\Pe\TPData.dll
c:\program files\Pe\VXPLib.dll
c:\users\Stuart Wilson\Documents\~WRL0003.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-29 08:03 . 2012-07-30 00:10 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\offreg.dll
2012-07-26 23:49 . 2012-07-26 23:49 -------- d-----w- C:\FRST
2012-07-26 10:47 . 2012-07-26 14:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-23 22:44 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\mpengine.dll
2012-07-23 22:42 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 22:41 . 2012-07-23 22:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-23 05:35 . 2012-07-23 05:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 22:14 . 2012-07-23 04:33 -------- d-----w- C:\Poker
2012-07-13 05:24 . 2012-07-13 05:24 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\Python-Eggs
2012-07-13 05:24 . 2012-07-22 23:39 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\BitLord
2012-07-13 05:22 . 2012-07-13 05:23 -------- d-----w- c:\program files\BitLord 2
2012-07-13 05:11 . 2012-07-13 05:11 -------- d-----w- c:\programdata\Ralink
2012-07-13 05:10 . 2011-11-28 10:21 8192 ----a-w- c:\windows\system32\drivers\rt2870.bin
2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\program files\Cisco
2012-07-13 05:10 . 2011-05-04 03:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
2012-07-13 05:10 . 2011-05-04 03:54 802880 ----a-w- c:\windows\system32\RaIHV.dll
2012-07-13 05:10 . 2010-07-01 07:45 119648 ----a-w- c:\windows\system32\RaExtUI.dll
2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\programdata\NETGEAR
2012-07-12 06:24 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 03:46 . 2010-08-06 09:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 00:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 00:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 00:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 00:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-22 00:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-22 00:03 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-03 21:43 . 2012-05-03 21:43 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-03 21:43 . 2012-05-03 21:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 04:44 . 2012-06-14 04:52 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-21 01:01 . 2011-07-15 01:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-13 604704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-20 1406976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RMAlert"="c:\program files\Registry Mechanic\Alert.exe" [2010-09-16 1016792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-13 4577760]
NETGEAR WNDA4100 Genie.lnk - c:\program files\NETGEAR\WNDA4100\WNDA4100.EXE [2012-1-3 5001472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk]
backup=c:\windows\pss\TitanCalculator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 14:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-08 04:32 133104 ----atw- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 03:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:36 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 03:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-07-06 19:32 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 MpKslc95baba5;MpKslc95baba5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21456D7C-9DA7-404D-A4D2-07ACD39EA1D1}\MpKslc95baba5.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
.
2012-07-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-06-30 00:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Memeo Instant Backup - c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
MSConfigStartUp-TomTomHOME - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$PROPHETSQL]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f

ROPHETSQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-988588282-1707717258-2563674901-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F07CEBA-9A0E-3AD7-0BE7-83239DC860F6}*]
"hagheagpkmhmcmkj"=hex:6b,61,6c,6d,66,6c,64,69,64,63,61,6d,6d,63,6a,62,6b,6c,
70,70,61,63,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NETGEAR\WNDA4100\Service\RaRegistry.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-07-30 10:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 00:22
.
Pre-Run: 130,322,227,200 bytes free
Post-Run: 132,730,535,936 bytes free
.
- - End Of File - - 78C8C91D70C25FCE52AF61652D698404

Jay Pfoutz · Jul 30, 2012

Good!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
%AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
%AppData%\Local\
%systemroot%\system32\sysprep
*.xpi /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\Application Data /s
%PROGRAMFILES%\*.
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
tcpip.sys
netbt.sys
ipsec.sys
dnsrslvr.dll
ipnathlp.dll
netman.dll
WMIsvc.dll
srsvc.dll
sr.sys
wscsvc.dll
wuauserv.dll
qmgr.dll
es.dll
cryptsvc.dll
svchost.exe
rpcss.dll
tdx.sys
wininit.exe
winlogon.exe
atapi.sys
explorer.exe
/md5stop
Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Stui Wilson · Jul 30, 2012

GREAT! are we almost clean?

OTL.txt
OTL logfile created on: 30/07/2012 7:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stuart Wilson\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
6.00 Gb Paging File | 5.03 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.51 Gb Total Space | 123.71 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive H: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STUARTWILSON-PC | User Name: Stuart Wilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 19:44:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 18:58:28 | 005,001,472 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE
PRC - [2011/11/21 13:54:46 | 000,377,088 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe
PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/04/14 06:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2012/01/03 18:58:20 | 000,110,848 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA4100\Ralink.dll
MOD - [2011/09/15 16:55:56 | 001,066,856 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA4100\RaWLAPI.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV - [2012/07/21 11:01:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/21 13:54:46 | 000,377,088 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/07/07 05:32:04 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/01 21:26:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\STUART~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/13 15:40:50 | 001,277,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/06 08:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009/07/14 08:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/03/17 10:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 33 8F 7F 61 6D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stuart Wilson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stuart Wilson\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 20:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 11:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 20:11:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 11:01:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/12/08 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Extensions
[2010/12/08 17:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/05/02 10:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\extensions
[2012/01/30 06:23:11 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\extensions\Konverts@MediaPimp.com
[2012/02/07 05:58:10 | 000,002,291 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\searchplugins\s-amazon-uk.xml
[2012/06/20 10:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/21 11:01:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 10:41:33 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/20 10:41:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 10:41:33 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/20 10:41:33 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/20 10:41:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/20 10:41:33 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Extension = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Gmail = C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/30 10:17:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RMAlert] C:\Program Files\Registry Mechanic\Alert.exe (PC Tool)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{074DDE76-52DF-4C8F-89DB-80AA6549CD51}: DhcpNameServer = 211.29.132.12 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A925CCE-5F12-4A8C-B64F-EED614280729}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51E5B294-1026-4532-878F-A068023056D4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DC8321E-7B3B-4969-AB6D-7F8888DD9F6E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9D6F33-DC07-4179-A0C7-CF5D3C561DB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D399713B-74E8-4B01-B966-03124C17FE3A}: DhcpNameServer = 211.29.132.12 61.88.88.88
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 22:57:50 | 000,000,154 | R--- | M] () - H:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010/10/06 00:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 23:26:42 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Memeo AutoSync - hkey= - key= - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Seagate Dashboard - hkey= - key= - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.mjpg - C:\Windows\System32\mcmjpg32.dll (MainConcept)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Stui Wilson · Jul 30, 2012

OTL.txt CONTINUED
========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 19:44:51 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
[2012/07/30 10:17:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/29 20:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/29 20:00:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 20:00:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 20:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 20:00:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 19:59:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 18:10:51 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\Stuart Wilson\Desktop\ComboFix.exe
[2012/07/28 09:49:03 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\RK_Quarantine
[2012/07/27 09:49:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/26 20:47:28 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/07/24 08:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/23 15:35:20 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/23 08:14:38 | 000,000,000 | ---D | C] -- C:\Poker
[2012/07/13 15:24:09 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\Python-Eggs
[2012/07/13 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\BitLord
[2012/07/13 15:23:57 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
[2012/07/13 15:23:14 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Documents\BitLord
[2012/07/13 15:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 2
[2012/07/13 15:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/07/13 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/07/13 15:10:38 | 001,608,768 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaCertMgr.dll
[2012/07/13 15:10:38 | 000,802,880 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaIHV.dll
[2012/07/13 15:10:38 | 000,119,648 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\RaExtUI.dll
[2012/07/13 15:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA4100 Genie
[2012/07/13 15:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
[2012/07/12 16:27:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 16:27:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 16:27:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 16:27:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/12 16:27:18 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 16:27:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 16:27:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/12 16:24:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/12 15:04:59 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\Outlook Files
[2012/07/12 09:40:12 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/12 09:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/12 09:40:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/11 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\New folder (2)
[2012/07/03 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Stuart Wilson\Desktop\New folder
[2 C:\Users\Stuart Wilson\Desktop\*.tmp files -> C:\Users\Stuart Wilson\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 19:54:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 19:51:02 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 19:51:02 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 19:44:58 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart Wilson\Desktop\OTL.exe
[2012/07/30 19:44:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 19:43:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 19:43:25 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 10:17:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/30 10:14:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
[2012/07/29 18:11:09 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\Stuart Wilson\Desktop\ComboFix.exe
[2012/07/28 09:48:09 | 001,552,384 | ---- | M] () -- C:\Users\Stuart Wilson\Desktop\RogueKiller.exe
[2012/07/27 08:14:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
[2012/07/24 08:41:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/24 08:41:43 | 000,709,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 08:41:42 | 000,138,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/23 16:50:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 09:52:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/15 06:35:08 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/07/14 06:44:38 | 366,967,146 | ---- | M] () -- C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
[2012/07/13 15:23:58 | 000,001,969 | ---- | M] () -- C:\Users\Stuart Wilson\Desktop\BitLord.lnk
[2012/07/13 15:10:25 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
[2012/07/13 15:10:25 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
[2012/07/13 06:54:51 | 000,411,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 11:22:45 | 000,000,204 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/07/09 11:22:29 | 000,000,043 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\Stuart Wilson\Desktop\*.tmp files -> C:\Users\Stuart Wilson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 20:00:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 20:00:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 20:00:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 20:00:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 20:00:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/28 09:48:05 | 001,552,384 | ---- | C] () -- C:\Users\Stuart Wilson\Desktop\RogueKiller.exe
[2012/07/24 08:41:49 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/23 16:50:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 21:53:52 | 366,967,146 | ---- | C] () -- C:\Users\Stuart Wilson\Documents\Sons.of.Anarchy.S03E02.Oiled.HDTV.XviD-FQM.avi
[2012/07/19 09:52:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/13 15:23:58 | 000,001,969 | ---- | C] () -- C:\Users\Stuart Wilson\Desktop\BitLord.lnk
[2012/07/13 15:10:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\rt2870.bin
[2012/07/13 15:10:25 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
[2012/07/13 15:10:25 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
[2012/02/24 14:05:16 | 000,156,160 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
[2012/02/24 07:37:36 | 000,004,608 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 05:43:25 | 000,012,979 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/01/13 15:40:40 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/06/30 14:48:17 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/06/21 15:14:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/21 15:12:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/14 21:44:16 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/22 17:02:50 | 000,000,036 | -H-- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\swk.ini
[2010/07/18 17:52:13 | 000,038,445 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/02/07 17:41:22 | 000,000,101 | ---- | C] () -- C:\Users\Stuart Wilson\AppData\Local\fusioncache.dat

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/21 11:01:09 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/21 11:01:24 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 14:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/24 08:32:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 19:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/02 14:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2012/06/02 14:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/06/02 14:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/06/30 13:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/16 10:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/01/11 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
[2012/07/13 15:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord 2
[2011/10/17 16:19:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/10 18:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\CalculatemPro
[2012/07/13 15:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/07/19 10:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/02/24 13:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2012/07/29 20:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/08 17:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2012/01/11 16:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/09/16 10:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\Feedback Tool
[2011/03/24 10:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2011/03/21 18:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\Football Manager
[2011/11/17 09:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/28 12:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/07/13 15:10:25 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2012/07/13 06:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/18 16:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/07/24 19:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/07/19 09:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/05/04 07:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/12/15 10:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2012/02/24 07:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Leadbetter Interactive
[2009/10/29 13:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/05/10 15:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2011/03/21 18:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2012/07/23 16:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/19 11:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Memeo
[2009/10/15 17:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/07/17 13:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/05/20 20:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
[2009/07/14 17:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/24 08:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2011/06/24 08:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2010/07/17 13:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/07/24 08:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2012/05/09 16:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/03/31 21:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/07/17 13:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/17 13:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/07/17 13:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/17 13:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/08/25 18:32:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/21 11:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/22 15:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2010/07/17 13:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/29 12:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/03/24 05:41:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/06/23 16:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\MYOB
[2011/09/01 11:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Navman
[2012/07/13 15:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2011/06/24 08:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/11/16 19:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Poker-Spy
[2012/06/04 10:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2011/11/07 06:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/06/19 09:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2011/06/22 16:50:00 | 000,000,000 | ---D | M] -- C:\Program Files\RegistryCleanerFree
[2011/05/28 20:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2011/06/14 21:42:22 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/03/21 18:15:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2010/04/08 20:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\TMG
[2010/12/08 17:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/12/08 17:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2009/07/14 14:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2009/10/08 14:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\VIRGIN BROADBAND
[2011/03/21 17:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\WinAce
[2011/06/24 09:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/10 09:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/06/24 09:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 14:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/06/24 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/01/11 17:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012/02/24 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare
[2011/03/21 18:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2012/07/23 09:23:12 | 000,000,000 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\bitlord_log.txt
[2010/07/18 17:52:13 | 000,038,445 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/05/03 15:16:26 | 000,012,979 | ---- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2010/07/22 17:02:50 | 000,000,036 | -H-- | M] () -- C:\Users\Stuart Wilson\AppData\Roaming\swk.ini

< MD5 for: AFD.SYS >
[2011/04/25 12:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 18:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/25 12:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/25 12:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/25 12:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/25 13:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/14 09:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 14:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache\cryptsvc.dll
[2012/04/24 14:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 14:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 14:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 14:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/14 11:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 14:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 22:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 15:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 15:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/14 11:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 15:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/09/29 03:03:54 | 000,132,080 | ---- | M] () MD5=0FC1DBB12B4FC8B2ACE0344197F2BA07 -- C:\Users\Stuart Wilson\Desktop\Elegance Cleaning Group\Files to Take\Stuart Wilson\Users\Stuart\AppData\Local\Google\Chrome\Application\3.0.195.24\Locales\es.dll
[2012/06/28 20:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
[2009/09/14 04:09:14 | 000,132,080 | ---- | M] () MD5=9E752CFCD4D7F6381FD1E4C55884B724 -- C:\Users\Stuart Wilson\Desktop\Elegance Cleaning Group\Files to Take\Stuart Wilson\Users\Stuart\AppData\Local\Google\Chrome\Application\3.0.195.21\Locales\es.dll
[2012/07/10 14:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Users\Stuart Wilson\AppData\Local\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

Stui Wilson · Jul 30, 2012

OTL.txt CONTINUED
< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 15:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 15:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 18:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 18:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/14 09:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\erdnt\cache\netman.dll
[2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/14 11:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
[2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\erdnt\cache\rpcss.dll
[2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/14 11:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2012/07/27 00:54:57 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=21835BD18857B8BADD3858DE3B74F76C -- C:\FRST\Quarantine\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 14:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 15:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/30 02:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 14:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 11:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 22:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/30 02:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 20:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/30 01:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2010/04/09 17:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010/04/09 17:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys
[2011/09/30 02:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 16:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 20:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\erdnt\cache\tcpip.sys
[2012/03/30 20:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 20:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 14:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 19:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011/06/21 15:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 16:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 16:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 15:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 16:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012/03/30 20:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 18:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\erdnt\cache\tdx.sys
[2010/11/20 18:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 18:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/14 09:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/14 11:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 22:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 22:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 22:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010/12/21 15:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010/12/21 15:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP

1B5B4F1

< End of report >

Stui Wilson · Jul 30, 2012

EXTRAS.TXT
OTL Extras logfile created on: 30/07/2012 7:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Stuart Wilson\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
6.00 Gb Paging File | 5.03 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.51 Gb Total Space | 123.71 Gb Free Space | 33.21% Space Free | Partition Type: NTFS
Drive H: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STUARTWILSON-PC | User Name: Stuart Wilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}" = Leadbetter Interactive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21827590-5E66-424F-90AE-CF7BA2996509}" = MYOB ClientConnect Quote
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.20" = NavDesk 7.20
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PROPHETSQL)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BitLord" = BitLord 2.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"FLV Player2.0.25" = FLV Player
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}" = Leadbetter Interactive
"InstallShield_{21827590-5E66-424F-90AE-CF7BA2996509}" = MYOB ClientConnect Quote
"InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}" = NETGEAR WNDA4100 Genie
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19
"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RegistryCleanerFree" = Registry Cleaner Free
"Shop for HP Supplies" = Shop for HP Supplies
"The Marketing Game! - student software" = The Marketing Game! - student software
"VIRGIN BROADBAND" = VIRGIN BROADBAND
"WinAce Archiver" = WinAce Archiver
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.1.1)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6641FD7C-4F8D-456F-B352-E9BECF5102AF}" = MYOB ClientConnect
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/06/2012 11:19:01 PM | Computer Name = StuartWilson-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a6c Start
Time: 01cd5010a9eb0324 Termination Time: 187 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: fffc62c9-bc18-11e1-be19-0014850e954e

Error - 26/06/2012 9:06:59 PM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time
stamp: 0x4b58fdfa Faulting module name: pstprx32.dll, version: 14.0.4734.1000, time
stamp: 0x4b582007 Exception code: 0xc0000094 Fault offset: 0x00013755 Faulting process
id: 0x12b0 Faulting application start time: 0x01cd53f879d656b1 Faulting application
path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:
c:\progra~1\micros~2\office14\pstprx32.dll Report Id: 64af2643-bff4-11e1-a873-0014850e954e

Error - 3/07/2012 12:21:59 AM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: pnidui.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b99d Exception code: 0xc0000005 Fault offset: 0x00015c98 Faulting
process id: 0xb9c Faulting application start time: 0x01cd58a83364e761 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\pnidui.dll
Report
Id: a1169c44-c4c6-11e1-82af-0014850e954e

Error - 11/07/2012 1:35:30 AM | Computer Name = StuartWilson-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 14.0.4734.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15a8 Start
Time: 01cd5f268d65f39f Termination Time: 19 Application Path: C:\Program Files\Microsoft
Office\Office14\WINWORD.EXE Report Id: 233ea0c0-cb1a-11e1-a266-0014850e954e

Error - 11/07/2012 11:04:02 PM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time
stamp: 0x49dd90d9 Faulting module name: ole32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc24 Faulting process
id: 0xfe4 Faulting application start time: 0x01cd5fbd6464c804 Faulting application
path: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Faulting module path:
C:\Windows\system32\ole32.dll Report Id: 3af10286-cbce-11e1-815e-0014850e954e

Error - 13/07/2012 1:09:45 AM | Computer Name = StuartWilson-PC | Source = VSS | ID = 8194
Description =

Error - 18/07/2012 9:02:13 PM | Computer Name = StuartWilson-PC | Source = VSS | ID = 8194
Description =

Error - 23/07/2012 1:14:20 AM | Computer Name = StuartWilson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallFlashPlayer.exe, version: 11.0.1.152,
time stamp: 0x4e7d1453 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x001de998 Faulting process id:
0x1194 Faulting application start time: 0x01cd6891ffe3d545 Faulting application path:
C:\Users\STUART~1\AppData\Local\Temp\InstallFlashPlayer.exe Faulting module path:
unknown Report Id: 4185ceaf-d485-11e1-8b33-0014850e954e

Error - 23/07/2012 7:27:37 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The RPC server is unavailable. .

Error - 23/07/2012 8:08:44 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The RPC server is unavailable. .

[ Media Center Events ]
Error - 13/05/2011 9:51:39 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 11:51:38 AM - Error connecting to the internet. 11:51:38 AM - Unable
to contact server..

Error - 13/05/2011 9:51:53 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 11:51:44 AM - Error connecting to the internet. 11:51:44 AM - Unable
to contact server..

Error - 13/05/2011 10:53:06 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 12:53:04 PM - Error connecting to the internet. 12:53:04 PM - Unable
to contact server..

Error - 13/05/2011 10:53:31 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 12:53:11 PM - Error connecting to the internet. 12:53:11 PM - Unable
to contact server..

Error - 13/05/2011 11:53:43 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 1:53:42 PM - Error connecting to the internet. 1:53:42 PM - Unable
to contact server..

Error - 13/05/2011 11:53:52 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 1:53:48 PM - Error connecting to the internet. 1:53:48 PM - Unable
to contact server..

Error - 14/05/2011 12:53:56 AM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 2:53:56 PM - Error connecting to the internet. 2:53:56 PM - Unable
to contact server..

Error - 14/05/2011 12:54:02 AM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 2:54:01 PM - Error connecting to the internet. 2:54:01 PM - Unable
to contact server..

Error - 14/05/2011 9:27:48 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 11:27:48 AM - Error connecting to the internet. 11:27:48 AM - Unable
to contact server..

Error - 14/05/2011 9:27:57 PM | Computer Name = StuartWilson-PC | Source = MCUpdate | ID = 0
Description = 11:27:53 AM - Error connecting to the internet. 11:27:53 AM - Unable
to contact server..

[ System Events ]
Error - 29/07/2012 8:20:15 PM | Computer Name = StuartWilson-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.513.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 29/07/2012 8:33:51 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29/07/2012 9:21:34 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 29/07/2012 9:22:11 PM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 30/07/2012 5:43:24 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 30/07/2012 5:44:02 AM | Computer Name = StuartWilson-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

< End of report >

Jay Pfoutz · Jul 30, 2012

Not quite almost done.

P2P & other unrecommended software

I see you are running a P2P application. I suggest to read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

Registry cleaners are extremely powerful programs, in which can greatly harm your OS, versus giving a little performance boost.

There are too many Registry cleaners, and each vendor has a different set of classifications of what is a bad entry. For those not familiar with the Registry, save your Operating System, and do not use Registry cleaners.

Further reading: XP Fixes Myth #1: Registry Cleaners

Remove unrecommended/rogue programs

Please remove the following programs, by going to Start > Control Panel > Programs.

These programs have been reported to be either rogue, or unrecommended.

BitLord & BitLord 2
Registry Mechanic
RegistryCleanerFree
Zero G Registry

OTL Fix
Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Stui Wilson · Jul 31, 2012

OTL LOG
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stuart Wilson
->Temp folder emptied: 2204183 bytes
->Temporary Internet Files folder emptied: 24778978 bytes
->Java cache emptied: 431547 bytes
->FireFox cache emptied: 67647315 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 43829 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20934 bytes
RecycleBin emptied: 11853272 bytes

Total Files Cleaned = 102.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_163242

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Jay Pfoutz · Jul 31, 2012

Please run the F-Secure Online Scanner

Accept the License Agreement and check the box. Then click on Run Check.
It will ask you to Run the Java plugin. Please confirm.
Once the download completes, the window for the scanner will launch.
Please confirm anymore prompts, and then select Full Scan.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
It will run its cleaning.
Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.

Stui Wilson · Jul 31, 2012

Thanks very much! I deleted all the programs you recommended.

[FONT=Arial]Scanning Report[/FONT]

[FONT=Arial]Tuesday, July 31, 2012 21:54:16 - 22:31:35[/FONT]

Computer name: STUARTWILSON-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
[FONT=Arial]9 malware found[/FONT]

Suspicious:W32/Malware!Gemini(virus)

C:\USERS\STUART WILSON\DOCUMENTS\DOWNLOADS\SETUPPOKER_3ECF0C.EXE (Not cleaned & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DOCUMENTS\DOWNLOADS\SETUPPOKER_68E0.EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_549A_EN.EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_549A_EN (1).EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPCASINO_30CE_EN.EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_30CE_EN.EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_68E0.EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\DOCUMENTS\DOWNLOADS\SETUPPOKER_30CE_EN (1).EXE (Renamed & Submitted)

Trojan.Generic.4864316(virus)

C:\USERS\STUART WILSON\DESKTOP\ELEGANCE CLEANING GROUP\FILES TO TAKE\STUART WILSON\USERS\STUART\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\OLD_CACHE_001\F_0007FE (Renamed & Submitted)

[FONT=Arial]Statistics[/FONT]

Scanned:

Files: 87900
System: 4513
Not scanned: 589

Actions:

Disinfected: 0
Renamed: 8
Deleted: 0
Not cleaned: 1
Submitted: 9

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\CSC\V2.0.6\PQ
C:\WINDOWS\CSC\V2.0.6\TEMP\EA-{6DE36F91-B3A4-11DE-B4BE-B46EB408070B}
C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\~DF282DB488BAB1355E.TMP
C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\~DF8028E42A76D3D4C6.TMP
C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\HSPERFDATA_STUART WILSON\5620
C:\USERS\STUART WILSON\APPDATA\LOCAL\TEMP\HSPERFDATA_STUART WILSON\968
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{65CCB22F-CDFF-11E1-96F2-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{76D616D7-CBB0-11E1-815E-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{7FAA133A-CCA8-11E1-AA46-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{76D6168F-CBB0-11E1-815E-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{B1FAC9DF-D1EE-11E1-8297-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{7FAA1384-CCA8-11E1-AA46-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{C5BF34C1-D76D-11E1-B11E-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{BB647663-C952-11E1-A933-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{FE35DD39-DA2A-11E1-AFE8-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{CF006CE5-D953-11E1-89E8-0014850E954E}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\QOOBOX\BACKENV\VIKPEV00
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0036B41C886AF1E4D639BF5CB5B912B7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0064000DCEC69E1F2A8CB4E9E8BECB50_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\021318EC316CB1EF49CC508D9D5F81BE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\024D1E96A1D93F3160D9DD6ACCF5F919_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02E41460B3F6B75680440D2C94053344_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\029D0816451B4F7DAB37DA953206809D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0265156E4EB96784E4D30D489D609D37_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\050192DB6EC25F44B4CF0311DF9EC9E9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\043941A06723C877F5F6C044D0F06E2A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0562A26A1427F9879513EF21DB8CBA74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0564C5503D0AB688A0D3284F2B4E202F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05C247345F9A158A14DA4F756D987A76_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06DD76E6A28A3874961FCAAB664FD898_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06EE29982E1A6734CADE7EE36AF6F6CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08241C5580D167626740D991698C0581_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\093A1DF2235A7A1F6B59A11A28969442_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0933F99EBA894E58886C1C90C04AC034_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A194E74BAAD4160729D04068ECF493F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A933E70025D86F912989456621ED84D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0A3B8B777214C7B5F2DC1CCC38E4C4A9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\094D3B44178381C97AF195986D3BD2E9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0ACF49515D8BE66528921204672BB35A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B38B581EA95D6E090AD4373A85A9C51_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0BCC9B6AC8E436FFD5709E15300F47EE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C071EBAC97650E011DC3E1B04D87E0D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CA19B019D7BBEED982D2C16B6DF5299_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C7DFD305507302508801BB962B4072A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B7A3F3B0940E1CE5BABFA6D5583B8A8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C6E5C36EC2AEB51794AA895EDE02F0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DDB164EB3124C310B65ED5436114325_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CF46E7BB42F94B05815142C8690EF03_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F71AF3428FBE9A33A64686C17B49DC3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F6F0C72C6EDFAD17012721F9DE878A9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\104D3E52C4659B29960A38438A9C5987_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0FB75A325808C130035BCA8CE22504DE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0EDC9410958CC27A1796B6B7A3952126_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10F012FEE3A9A9F99E79A8682976ADB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\11875C1E2F9E54B36F02766D3D1F3CD5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1321D3030F27034386A74A29C23A0A44_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1391F34393365F5677E1769FB1B6FEDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13CC265993F9C9EDD42A1DC81100F68C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13E6585F816A2C7EF0864E48EFCAD1CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\147A1092E1C757690D6A4CEDAEE3E176_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\150951797D4C4F7175E92DCF608798BD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1518337AA7E54C9470908B8CA5BE1492_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\144275010AC8A8E84BBDF755701DD92A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13EBA27FAB109BEC903D59713780728D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1663377D5786876E144807C3B835713B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\180FB683FD727DD5ECFA562F7C3AFA1A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1667829C54E1768AC10F6065F03D0001_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\162B774C918D9E681FF020B1F6C8E22E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\152894F09B7FDB4548354D8B48DE5A88_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1908418E73BD712CB5E344DE4733A555_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19D7D9F12CD2178216CA85507EDEA0A5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1853F25902C455A00D76AB096C8BAC6C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A72593D341DF923C0771D0934EAF5AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19AAAE96C0C7BC6AC4D22BE19690B636_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A97B1567DB194216FC550C4859D8CA4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1AE12EBF57F03DE86BE6C622BC44FD1D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B392BFC5E8657421C8748647D74FC88_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1AD949A71F6FEACCF337D35B6A3F0DF9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A8ED175AD270715CC3F4D7223464200_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1AC5695E19F8E5E1C41128DDF5466991_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B85F6BB390060488045DE228D4332FC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B65733AFC864648B3730B70CCB6BA10_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1BF3BF7ABAA516249D66E0B47432921E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CD652B964BD798194EB1C80C7058D4A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D114CDBBDB8E1A008D5FAD41123DF25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D275EBE85776710DB379C871967C85E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DC8916789823C99AC83AAA4EAC4079D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DE3D9C9D4951C3724CB37D4FA0575C8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E816FC66046B031CDB8200193655056_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1BB884283EFF7E699C40C6F295AAC83E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B8976B36D7554DDC66863DEDF0633AA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FF0370861F38DE192EE466BE497E663_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2212E3015B0701B4474CFF06CBBBAB1C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21BBF0EC1C54CBFAF910E4FE9A0DC990_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22F0C39AF2DFF4765C7A9E402B74760D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\202558764116DEC3F8A0E7FC8E0EB7E5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23534B0D129FDEBFB14314B52C33DF24_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\235AFAE5897E095AA0EAE0D568F852F0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23A55348D36C6D4A53BA42A2401021B7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23D36180B50986016754799CEC98116F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23E4B9404BB846054D5C0B712917A0D4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2506F78B961B04121669D95C7117480E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2543972DEB80DE8945E9A8CB59D259F9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\232F3EA4BF45860F63601176F1C9CF77_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22437D9267E422BEF7794261A73F3B25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25556EF84E99570B46423B9CBBE75762_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2595CAD1054D298CDC4CBF9326C8BEF8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25F8BA4448EFB0D93267C741156EE3AA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\261CC6210DD19F57D59F5A23BD98EBD6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\27447168E54059FDC434AB6428FB0556_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\274D3EFE5F6E58CE295020A4772F517A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\288FF7DFC7F670435CDE2A22F4164925_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29C62F13F301896B66F9F7C1CA9C1916_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DABB44D0B495B80E8C195252615F205_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C0B4D33B8E6DEF56F79CD9C75528CA7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F8F7B61822A55EC9D7ECB7FFBA89D25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F50ED2467F473CF1789F5D138FBA5B8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AC8C35542AB33FBCFA3AEEE012C6105_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2FEB38028A433FE280D08739BBAA5D1F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\305B7E3AA14FEFA7C146972377E18333_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\30C51037E0EC00A186D208D2EBCA8A0E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3112667888CCA98EA55ADB5F6790F8E9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31169FC7DA6DF63228532F2BEEDF8827_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31969A7333B0CB7BDE0E2C602D199C78_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32764BEFCC2BB1AF790013B267A8CDEF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\323E4FC14C340BBA4E7F2AFD11E6F0F4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31BFCB45C6FD0D1E6B91C7E22B8A650F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3363CC2F2A55C809E3161CA61E421D64_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32EAD8041A0FAC30D6E8F7F0AD1C66E7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32C6ED418CC07954FAE3D29F1865C1DF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32D12B795E244794A91BD23B42BEEFB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\33C636AC4B1A3155A24B5F60CAD251AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3391E3658F4A425267637B1017EF6CA3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\339CF84A7B8DDCB3C1003490D2E10520_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3384ABF8DD0337865ECE7651BAD67D5D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\354A267BB97F9DDFF0F2122AF9B3D13F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36B9DB066589AC81CA81926E94F6B4AE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\34883B435A591DEA3FADEED2C748A45C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37FA0705DEB08ED035A6E61BAF2A0E16_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3808F04DFFA390190F19C421FC2D7D09_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38D3D10C570590CE1D45EA4439A70582_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37F6D02A01737A6ED791F1E1DBCF05F5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\396FB12F23079FC1A5BC39DE808D49FD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\394ED430CDA4EBA16FF44B374D68EED7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36F1898588860D31E057168B17987B98_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39AF203D91601A3B17E1A407202C39A1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A71F5FA5006B6799922E5D50791224E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C31D3596FB877FBF1777B51C9DD1419_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C32BBFA8E41727F7FF188FF90307FCE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AB253DF16794A723F3855338C4B3D79_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3D02F87FEAA8D0C5A9638527338B5457_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C591DD8DFA4A63941AF357F8DB8F5E6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3D21F3A08C07D0C85831578C5C2C706C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3D1774EDC850A9D937D8324CCE500CC9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E3117A65B70870595A094AC4D5CA3C3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E3E13A6145F200FBE0E2581394B3134_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C2FC206A4BDEA7BAEC6EA0793528DD4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3D702BF52ACBD93220A733BA94079E02_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EC488CE7CAB2F95BEF5FEFCA123C74C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EE3531BCEE080372F34B25C87AB4B46_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F1B105568A60497DE1720ABBA28631D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F34430D0580D82629C12D910CDAE5A2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F7B6A1914426D5DEEE0A7D21391EC42_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F7F5DB6AC845A9B227104BFF9C4AF0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3FE71DA3E48F6D268D2E36ED48C0E791_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\40A5D1CC58B8EEB3E81686637BDC25FA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\419DF3A2922D42D55DBB4BBBC0F52E69_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41A7386EC892D4515CD6CE5BFF0C3F90_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4284CD6F6CB21084FFC00BADB8F5E4BE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\412E22D993147D380B6F57E9F3E3B145_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43CE683A41A8AB73EE70B1F653AA2283_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\441CD0E6E1852F774BC9ADDF99180AD6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE

Stui Wilson · Jul 31, 2012

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4596EDD37DC6FB9AC7FC287EC5F6265D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44A6FBC6D651DA20B06C3901300C3FC7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4117B008C400F21BEB04089926565B5F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42CC5D67164820E53D95B644DB053F46_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\466A7C24EBBA819DA852A98B4573F48C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\459ACB44E799738396C41BF58B56E027_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4711C5D24F1666B60E60A0F1412F429F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\46E1CA285F284EF256E57AEA99673744_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4772DCC315270F246CE7CD724BFEA9A3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47388BEDC6D5C51F86ED8BEEE82002A9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\46A75A92E4FDCB29733D482B014D7AE3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48B656D41B03D7F1AA959D416DBCE33B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\486D5620235953ADB9159DFE875D6773_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4836940E9BD2F980CBDD3FCD21AA3FCD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BCC8BD4553C931984CD437AF0F37D7B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C727852631F64BFB79A0BB8969DA124_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AAB2C30C38339D40DCFFB692C61772E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E4080E5A39341D389EDF796CD8656A8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D77785F58BF127AA3D5858ABB305263_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4ACE85CDBC1461586095092422ECDFC8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E64B3CF3F721B83BCB0465C748E3451_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EF3FF0BC6353A8FB3EFEA516E53CA45_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\506A0DD8688E8BCC34E51D8D9ADB2027_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5103F3AC0CA4AA2CECA60C38F3E9CF2F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\515570831E29E04C584B759B94D6AC22_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5164E8700AF005D3FDB927F55DB8421F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52179A8D8681622DC576D7975B4D0C3E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\521BE56D15573DDB8066E07B26F9B183_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CC831BBE690A29A42079A8E7B659928_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\524419A2F45CE07AA0673B71A3266217_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5241C3A7F747F8AFD3774A9D1A614262_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52E84A5A03CBD5F05CF2A50AC3FB6176_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52AD3F4F94E4CBA0E40FC7ACBFDFE954_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53C156D8A6012D1363EDE86B46B36C26_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5391C99583BDA130E9FA7C44748B96EC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5513B575939335457889F43B6E7BEDBC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5535975469EF5BCB65F56E63847C73DC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F2724D1A727F88B134CBCC21EE2FC8A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\570ED08CD51C19296C91D5ECEAFA6834_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55A1D2CDD77B0F63235501D70E4935E3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\577D61D2907E8A802628065702065FD2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58937CBA6BEAFCFCD51001EE95AE0038_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59794D680D92DE573AE26877AE95BA0A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\599C9CF5A0C7AA44E39A0D1BC6E3D3BA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54E8EA6457E3954860643A450BE221B8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\573D9783607188C213A417029B31C63F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B2BD0D3114468F02A5EE3192655AE66_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59F49F7A03C2571A29C3B81BC8392B97_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5BBDA08202781613F1E75C48A6147EC9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C06FFD3E79BBDCC1E9F599BD12505C4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C442E7234A9B21407DA0E1803E908D7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C4829A7E4BBC0E7858200A587169D49_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C6315C2481DDA6B53DC6418C04A9DB9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B742275DE458663ADBAA7C823870842_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DC0F65465DADDF1185F0E8CCAFE3ECB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D6F7881E9630CE656ADCAF943456565_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E243164A60DC0BECFB62ED691F782C4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F55C06ED38ADA9AFCEE6A85BACCB346_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F98C41DC0F07B6EBD4727E5A7E511EC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5FC937336C2396B426ECBCD3B529A637_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59D3FF66B071EA8F33B758F37DB9B298_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5FE379A5E4775598350E6E2B0024D3B1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60DC6B5C27EFDEB96F8260E34A4F80C6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DCC7D9F1D4AC5C0F9D5BDFEBC2A7267_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61C35EFF4064F9D5DA2994647FF9B716_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\600038042A7B6A181152BD5CD79E1FBF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61FF08A2016638F4694EBD3AA12F1C06_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6207E2B60338ED118A7E3CA0F7D5C69A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63B7C400C80D4DF6A075C745E08920C1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63B6715AA62827D3CDB91D4BBE138E8F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63F56773C75345D3401815D199C08E63_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6438BE2B3423359602D6B612BA0FE2C3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61F5281CB338F53ECFCFA7CB2DCE4C73_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6474C4125CD361A9825050F18E6EC290_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6566188FCAE8B8DCA6AD38ECCA64C57F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6508C2528D7D1C92C2B961F4404EAB2E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64967AF010C69BECC819AB34DACAEE34_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6597CC69F8705F89530DA26A82036C25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6583A6E70409F49477FEB8C44EC54927_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\65CEF3CDD36ECF672464F431C48DB55E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6621DD208778D8571BA49695288838EB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66B9DF036772D6990194596B95C60408_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66D356FD7929F64042D5E3634588BBEB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67A507106B597F7912F072CA5B9EE1CA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67BD2691B43A2879B3B70D0159FDD32A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67BE27274189D38DA37DCCFE5CF34F1A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6747C29BDE5B31052040F6023EB5FA74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\690E4B58C3985D9A02D4BE604FB7ADC6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68808906C40556D2B9D6ECF7D5E48039_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67359AE3DBB0BE060F54DBDAD2B25CD9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6AA68C45E777BC8D615373AD33FD7868_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A503C9AE371CA20B0DF697E33D6F22A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6BF5B6C7099172922484308B2A32509D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C478367D4D01B9FF8B500B3CE35A9E5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\697B7C70B4DAD4243F882098E297C4B3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D472A144AECB877F8C952FFAD886876_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D282483193928D11FD32DCCEEDE85E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6AFBB88AD670298EC36F78E631E82F2B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D024E3EF34BF966F69A16F98E2FA035_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DD9BB077F1C750D983E94ACA5ED7250_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DBBCDCC12BC3272E251A012915280B1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E9B508EA47904F71709201FAC5E48ED_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E4F637F624FBA24548B85E38D20E0EC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F7E804E2C52AC19AC5319F3AD3B0ECD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FEF43F914D1E1886E68DAB0FADF8A74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E48393D82F380FB60E35E3BE53B3313_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71351D0D18BD738825B2F8C01B127480_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71A352A09ADF9ED1D5ABD69078BF6C25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7206B1A7B2D155258102B4E87C7B25AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\722EEC80E918DF9E533EDB6B0D82D85A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\725F9CE62E434E74CDAB4158278A7784_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70D0DCC2536937AF7E24941B08FB7DF5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72AB36C15C7489C578DA1643C762AF51_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7262EAD119B2CE12BF8CB2A9D8650A03_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73F18FDD396BF1D3DA2052FFE10BCBEA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\739844BC399FFC40B4878052339BD930_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F58856A08955DFA9F0C1AE30F189EAA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7501FB4116983F3C552D8377AC874E14_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\748C2BB3ADCBB1946B840E87EBFD91DC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74061C1883E116DA53B945EAE30B358A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\775F500262241EC4816BBB9FDF2E8BE3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\764D9AA85CA6B229EF5D0E7C138792E2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\781BA3269C01E03C2D52FB45D423413C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77CE1AD3580574D83ED6859D48014E6D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7504DAF76AA85B40E1856F33DEBE5502_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78F8C8A8B9CD4C256EE5F7A11D30A6D8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A7370C910562EAC518EADF2A993F3B6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B7752DAB3D59BCE59A7329182B4EB49_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C5CBD1B67F3E2AF28FD9672A7EE29CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E5F1ABB4F066B80CC38FF9FC6A05E63_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7883C4AEAEFF6966AEE95E26CB3D9F7D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FA8A4CF683FCCC28294A20149B557C3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FFC8731294219D5D9FFCFA32594B6BE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\822BAD4CA627B23A8F3B6BCB4F7A80F0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82405DD64F6AD67989B070FF459755E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82C2811DD571969477F39F55F2BD3E5D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82CABB7950EE6D19F00E8F90A3CEEC97_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8345958933A27DC9A4B7A85438AFB1EB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F1361186175AF727E630E430F3F5C55_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83D25CD4FB06BDEFCA723E7339578B9F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83CF6C85F9BE624B33394834091B4669_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\784038FC467F34DD454466E73A7CBA3C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84203D6EB4A7CEC801F903B0057DF25C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87FCDDED6F866895FC55392FA55EE857_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8805F70F6217ACEBDD66802CFD979C54_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8594AF5200A4B83EA916E7C96A90BE46_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88AE1EE08F1C939DA7AE630812ACFE42_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88EA79E42C7008E92B8729A85CB55EF6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89F5F8ED84F48B69EB92145D25C06858_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A337C21CC7E4298159D6475F5F05778_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8789DADDB86379AD7BE03E90E6C89AB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8813DBE9682BF2B981D4D5327206D19F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A5C649A7915961FBE118C476922BB01_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A93702D0EA33C1D9C03E87B1F6D7643_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B8EFE07CC6D55B19E021F1262C888A7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B8D7CDD33E28BD40BEF533BA63FA5CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C390D0DB03027F53DE776C93D0049FA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C6AB43711174CAFFFA4D23D350AFE2C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C882F81685940E2946CA32B05C3F06F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E55369C5CEDB4AEB7EBC04D7E141101_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DFDE79218AD8A5DA019B3E6E38DFE4F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CA4C6186BA496E078A29192A925075A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E7B00C4D77EE34F0BF3CB74F02C7AF4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F4C386D4ABAB1C506C792C9ACDB157A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F4E2546D6390DD9AF7AE9B4D110AA0D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F6CFB407D5B138A63C9C539B5A4D25E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9173437B69F09DC3317005CDB78993AC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93DDF296835DAC0FF7B4F69F6F9EC481_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92EAC2F3160714DEFF3FC7DB80EB3DC0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9480A98C03052701DE0BFFAFD541959C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92EDF3AFD6230A72DC7C0ECF97B3D734_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9509E5556407911F458D70FFE74C182C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\949DE074D00A0BD44D5D9B9A9749E6F7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\973EA345CF1CB2E1AC63422D7BDA5F92_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9598BAAC186C6AE9CE49B4AD2CEF49E3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93F83A5A4BD4B3BE61D543D662AD1F69_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\977FC5B46D57A872F9114CFDD8240FCA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A1BF19E797735BA70BEA4A8A6F9BCD6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AA6BB1BC96B15145C03F5C149CEA819_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A6F1D870D72F105A28F8AF59B5706BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CAC27C6E8539D72057CF45879A4827B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9CEA41C71D682215291CD356F6025825_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E0C9B89F6E6B3526F2C4AD0ADC8F36F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E7C631E0E4AA7A371FB61D5DBE3A402_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A67FDA726775EC44205F967E342079A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B212E1F0061C2BA61A6D3ABB5826F71_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F47934E06493B0CD6FD25EF76E41A2C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A032BF0D01E7A44F399E2BE0983EF681_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A101CAA1F217F68D585A28564586E73F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0C4C1E5FE2DAC930819E91756C79368_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A28488DA07A4D5DCF18B5A17578CC23F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A212CF84329AFD79C302D4DDC20CA9FE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3A1BDC908ADBC07C538186A458DED9E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3E7021E8E910909EB284E7D00E947D9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A067767BF197875F257A242ECBB5F4AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A49D92A2A8961F0BAB64E63DE0CB9185_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4A6A27D64E4D5ECEA8BEFC916D056B0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A31AD1CCEF9D97C1364B24313096DA0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A525AF55E3A2255408938446DD721BD9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A534E942992FA3C7529164F8385DDA81_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5464598F17E396FAB3044FA655CFE5A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4A271746B21C1C50BA2F1772CC2EAF2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5414A6258ACCDD88D542C4A8E0DF812_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5AD19ED9A1379EE1987FDDD6A88863E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5EA0FB3A4F181614872ABDF44B83744_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A54A8D08087BFE97AF3132436F7ACF53_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5B018C45BE8FD47A50FF8D7ECDFD071_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A75218121561393A13ACCAC2B0155273_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A763C0CB278569884BCC769656B82787_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8B5EF273629BFB3B88E0ABE1B44FDDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7CC36316E2452A12D05E4E43A80172F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A985B83BD534F08AF7127AEB13FD8F85_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A96743DB73613FFF61B071B65BA25F27_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA2F10AA4F591E1EE07C7907AEF54C81_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB3D1547679DE81CE863AF4DC4624DDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9CBA4D60693DB671D2F74EBF93836B7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB70E1163F5EEB65C5B93761C5377FB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB0A6EBE16661D58AEAF15CABCE7B21C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC75B3A63F54DBF260BDDB5574E38DFD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE207BCF50591B1671B0F64FF557BF5A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC9880DF307A131B3AA90F7799B99470_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC3F4B0FADECE2702A69E22640475AB4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE940B6B5EFBE447DF6377C795DE89C2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEE6895265A4424E342B0C7517E1690D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE8DAB09CEEC18C3B75D09D85FF3E3F8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF9F97B7BFEC919B8F9E3599382AD468_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFB8E037EB3871577153DF908B30BD48_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEE6D99C5B9339F0D68882C87D21089B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B029DEB18AC0F6DD024A4A1239D627E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0AA59A3B04BEF976F01E60085981A76_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0006D5666ED4A8903B698516A2CED4F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0F5C41D2A0723D72346BA88D1EE1F1A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B25EDB5DEFCFB02214AFF2BF023FBEE1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1816FD896810A193B4F39A7D408DDA5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B15C0DC3A79EC46601D9749A0B94A82A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3386E8B1292084360A92BC269D62CAF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B391DFE97CF793B7F2EF46F0476EA40D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B395EF1CFE0657DCAB64E6E00AB3C91D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B480D04D7656628C7BEF76B49AE9AA92_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B49BE70CF0EFB20E301CD946A1814870_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5DCE0BE48C02399A3C8252D3C92388A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5FAC944994AF235FDB2BDA30144F89B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5FED14190D5BADC286012F1218F2190_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6A0FBD02849E14FA96D892985ED2678_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6C03DA663D569137AAEB588FD957F6E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B52BC2AF0B63E22B7F671EA55CB355F1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8904C32175C5F732AD09B44E038C305_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4F209CED155BBDC9F7381D826D7E7F9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA0D588C419084C74B4953C78A5CBC71_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9EC8D14F87AB8763328D1054B3DA7F9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB00FE4E899EAE922D61F772576C557F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB76BF6495E2B5B67435BFD58D71E5B5_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB7CD306EED0E6367FD5A9F6E480165C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC7A683696477D41677A1420F4F52F23_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA0A22F764E71E0171C01B843C8293C9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAE85F02E5BED512BD09E93A4A807446_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCFB34120EBFD767CA4B38F13A9C28B3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCF055B274D28AB950BDF80EBF186D33_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD81A9608ED379D1524845D43A68D983_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEAA257FF80AB8B59EE3129E37E34D8D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCAFA7A511F53B9F242B01C5DA2DC963_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD4D6907307C388A156AC5375F708ED8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF3591C3510A9274D8850ACAECCB2E97_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF84F03F6F5760BDD991D2E849AF8525_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFA6B57A731DF7EEA1F075FFA246655F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2132BEFC35DB260D4AED41FD4BE90BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2792A4218B13083AAD572CD672C326E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2843C7300944A904372E8A85B8A0C25_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2F1BDAD229378A0B3D8165A0DCA63C7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C1022827FF3AF99C159C74C043265D33_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3C851D3D9BA7F11467293E39355D4B4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C15E5DADC13CE35379F58AC99732A50F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C44E23D2726F335FEE51091D88BE62E4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3441611C80F91826CE52951465D46D1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C53D017C8D685EF4E1836BC09C4137CE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C630286AA3AB846998A8393FA3D4E6F3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4B74B3798283121CB891ABEDF684A74_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7FFF84A5E72247FBAA6EB1B8BB22FBE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7AC5B280EBA2B22BE5BD07497A61578_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6D8FBCC257DD6E0BC5F74C5D2150221_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C851E8508C1DB70DC925E2F669B41D87_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C835A4074192FB078F3CCA7D88E58A77_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91439AE5A6FB87FF73E81A9383B91D7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4DD7062790A537E3D53FB86601EBA65_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C91D3A423AE741FA0F1C71A5AA92A8FB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8824A5CFA6AB1598E8B18C0835006A0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA530A6488438C86618B5CF2A2AAA260_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9694AB9B2D5637F699721F4F26EFD6A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB01ACE359FE5B700DA2731E298BFBF6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA8AE33A20DFB364613C896E85813941_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA6AD84C8ECA14516C2819B06CA675E0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB6C0D59A7C43049C34AEF3545B6175B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CBE80523BBCD8F556D7C8EC252728527_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD92BB89D71C8E89CD07F43F72A3A81E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD9B92FD1D7444D9D1A8CFFDD391AF8F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDFBC071A66583C336EB9AE3031CC1B3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD0CB5A0977EF29BF1E18CC2D04C2D4E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE1D840D3C4459A343173D67FB8E1C38_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC229149BFEB428836D46BC271E55904_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF6156F9D5E9A7272644A3097D03D51F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE473B16AE1DC19DF11A8B8F07E26F08_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D10B9F194B54AE62900FF49003FF909A_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D16D0B5A95A3C6529D7488E1686E2730_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D16266FE77849650CD82F0672C42769F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03BA7D88083D76379667316F79C1A4E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2600ED935B72178C35B2F5D6EF70889_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3DF236E1807003E3378131BB9AF6CDA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D209BE7F307A5F0CE821C1FFF5FE6FB0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D314C205ED63D0489AC3BBDE127F940E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D502D750E99A79E5CFC93429BE9FC665_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D65644ABA58FD256466AD446FFD45A2F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D660A5C0E9D902EBF7CDEEC0B3ED5A4B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D584BDCFA226130558E79A14738779D3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6540D6D8F0AEDD6495AF48FC9AEC3C8_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6800DD988939B92A29871FBFCE821FC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7823B1919BFBFE32C79C0B8E8647C0B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D68572C69A369955302B8C24EFB4398E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D8CD6E3172856B8A3E5937739683165D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA818EDE08662C1EE2976148B0F8E782_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D790EB36A80533BA07941B541E99F497_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DAF15D90A02F2E3445F8FCDD63826831_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D95ED52C8A2E20182894783B4733552C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC444B848AC55F1A744F1F9E98999E4C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB7EF68CF4428A4A98A7A40DECE073BF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB7281C33C1D2FA2FA227199C08CC9F2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD97A4BBB04C91D15C6378A3907BCDAF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DDB5971F1D16068C470C84C2921FA945_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E04D6CBACCFF810C7D6D0BE032D7ACFA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E08DC04BCA8A2CB5E6963664029A4FBC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0A2103188F2586733A39D6B2767E8FD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF22BE7ADB495DFD6B2FF824F4B4CC48_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DED595D67AD13BE16F1672477DDC70AB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E29533D15D355EACE8791FFB650C0914_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E052A7DCBBDD8B14C866814515F2881F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2E143037675FECB55B187815251ADB3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E197134AAD2483981CE468C8B0E1172F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E30AE7B3C16F157A18421CFA53070981_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E29969E804D6C0513B9911F742676A16_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E37C69715EA1EE92A325FA1BEC43BD06_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E33CB0799120D8E776F86AADFAE6FE06_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5A9451D3DDBAAE86081EEC85B709846_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E630D01AEB5F439D8EA50C96E2897A87_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E37D6BA66659D33BFC94F58A7A31D3C3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6A70498B75046738C56667949008DE6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6C57122D5DEE1460E70C4FD84F352F6_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E39DA31267A3760ED2261BE64C33CCD0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7658EA05B61B8EA595C4BF1AE9BCB3D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8C70AAEDA42EB5FCB89DBEF3A4DB871_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E98BD2A25E40C8FF3D9CE95C32D16B98_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E93F3EC9484D7073555F5F42B106250D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E71BE1A5D763186DE9CEBCDB0B5D4FFE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E93C9157B06B6160E50BDF083E6396D4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB672FAAE3DBAC5ED229FDD89DEBE79B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBD452A49531A8BA0D5C8BB91919D114_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA79701109EF5078363EEFC0BB2B2540_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC6EAF59765B3C4822E140D5916645FB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED36A4B87BA5EF9380113ACAF82483F2_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDA2C01B809F5F42A4F770C366E7C215_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED56E39D4F9E46EE0E410603E2BF39BB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EDFD6A9DF4C4FAE23CB66ECE9BC562B4_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED83F10C4224DBC6809AB555530BAD19_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFBFF60D032B8E801892AAC79F00EFD1_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFFA53126D1E735240441F20500ECDEC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EECFC8714AB6F25B6534DF8F56278BAD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFDA41598F1FBB0DC551C4B8C9E3D092_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0BC77FDF807B16791EE80606CD7ECC3_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F05D82F8D3B9C6AB70CB9F4C9840C9A7_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F03C8E4CF785BF39EF8D7E481AB63021_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0F4FFC30DC63BE40E51A49E7640BC66_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F157FCED4BAB7AE4212182EF8AC113EC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F1F1F704542FED1FB86CFEEB9DC9FEFE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F295A1D79ABF0BDB5C900800B9242E12_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2BA10940B431FDD228F74B6AF781315_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F33EADF4525D130B7E2E70366A690965_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3617B81FC7C45ECD398D864E1E5DF0C_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3E8297A454436606C99A64C29C5878D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F53E99C7AD17CECC541B20E956631C9B_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3DD8E6E5E626423C4EAE71D1D70E21F_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4E7BD05BC771F649D9D6B3836B309FB_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3CA24C2AA0B567EB22367D353A54CBE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F56CBE0D645B2BB31B0FC6D324A813B9_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F549EAA367341DFDA43C586E2482CF65_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5DB7A9EFAE42885FD7487F1B2621F40_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5F13D6637991AF26E03C772EB106DA0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F63972088693044E6CD051EADA0895CF_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F683825D5114E54853BDD3C8361793D0_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F69AAB78B1D770348386A1DFEBDAC310_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5A6DA17592C35DF5D3B0F485D501D53_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5835611BBD9BA059188730A09C0E939_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F75F02191DB5477294B7C950041F980E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8FC51C0AE2D95D44FF2DA547B66F3DD_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F86F7C026FEDCDB2CFE6E85EDC5AE47D_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F87325A771B0B88A6174C368CF22C533_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F946DE79918A85D1AC99CB72F2B662CE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F88B12918BF09D203DE77DF6E56443CC_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA3E681F52374E3FBA50E9828F7B1499_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA0D6F6C1F87E9EF70889A4E6BE3C870_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB711DFBF8A03E0D6A9600731B3055FA_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB5AA22910A0A0AEC483DD4131B465BE_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD960BEE3E61D87A339315CC6E3DEF66_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE9C11A8BE9215761A8445367F7F945E_EA9B9489-C241-41A1-9D5E-BA16E8D22DBE

[FONT=Arial]Options[/FONT]

Scanning engines: Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
Use advanced heuristics

Jay Pfoutz · Aug 1, 2012

Excellent!

ComboFix Script

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:

ClearJavaCache::

Click to expand...
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Stui Wilson · Aug 2, 2012

ComboFix 12-07-31.03 - Stuart Wilson 02/08/2012 14:26:51.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3072.2129 [GMT 10:00]
Running from: c:\users\Stuart Wilson\Desktop\ComboFix.exe
Command switches used :: c:\users\Stuart Wilson\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 05:01 . 2012-08-02 05:01 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\MpKslfa0bfde9.sys
2012-08-02 04:35 . 2012-08-02 05:01 -------- d-----w- c:\users\Stuart Wilson\AppData\Local\temp
2012-08-02 04:35 . 2012-08-02 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 11:54 . 2012-07-31 11:54 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\f-secure
2012-07-31 11:54 . 2012-07-31 11:54 -------- d-----w- c:\programdata\F-Secure
2012-07-31 06:43 . 2012-07-31 06:43 -------- d-----w- c:\program files\ESET
2012-07-31 06:32 . 2012-07-31 06:32 -------- d-----w- C:\_OTL
2012-07-30 00:20 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\mpengine.dll
2012-07-26 23:49 . 2012-07-26 23:49 -------- d-----w- C:\FRST
2012-07-26 10:47 . 2012-07-26 14:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-23 22:44 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 22:41 . 2012-07-23 22:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-23 05:35 . 2012-07-23 05:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 22:14 . 2012-07-23 04:33 -------- d-----w- C:\Poker
2012-07-13 05:24 . 2012-07-13 05:24 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\Python-Eggs
2012-07-13 05:24 . 2012-07-22 23:39 -------- d-----w- c:\users\Stuart Wilson\AppData\Roaming\BitLord
2012-07-13 05:11 . 2012-07-13 05:11 -------- d-----w- c:\programdata\Ralink
2012-07-13 05:10 . 2011-11-28 10:21 8192 ----a-w- c:\windows\system32\drivers\rt2870.bin
2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\program files\Cisco
2012-07-13 05:10 . 2011-05-04 03:56 1608768 ----a-w- c:\windows\system32\RaCertMgr.dll
2012-07-13 05:10 . 2011-05-04 03:54 802880 ----a-w- c:\windows\system32\RaIHV.dll
2012-07-13 05:10 . 2010-07-01 07:45 119648 ----a-w- c:\windows\system32\RaExtUI.dll
2012-07-13 05:10 . 2012-07-13 05:10 -------- d-----w- c:\programdata\NETGEAR
2012-07-12 06:24 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 03:46 . 2010-08-06 09:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 00:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 00:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 00:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 00:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-22 00:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-22 00:03 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-21 01:01 . 2011-07-15 01:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-13 604704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-20 1406976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-13 4577760]
NETGEAR WNDA4100 Genie.lnk - c:\program files\NETGEAR\WNDA4100\WNDA4100.EXE [2012-1-3 5001472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TitanCalculator.lnk]
backup=c:\windows\pss\TitanCalculator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Stuart Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Stuart Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 14:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-08 04:32 133104 ----atw- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 03:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:36 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 03:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-07-06 19:32 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 MpKslfa0bfde9;MpKslfa0bfde9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{812717F8-9643-49F7-9A67-2FCD25F63BD9}\MpKslfa0bfde9.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 msftesql$PROPHETSQL;SQL Server FullText Search (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$PROPHETSQL;SQL Server (PROPHETSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFA0BFDE9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 14:53]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001Core.job
- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988588282-1707717258-2563674901-1001UA.job
- c:\users\Stuart Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-08 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stuart Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\i94htne9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$PROPHETSQL]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f

ROPHETSQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-988588282-1707717258-2563674901-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F07CEBA-9A0E-3AD7-0BE7-83239DC860F6}*]
"hagheagpkmhmcmkj"=hex:6b,61,6c,6d,66,6c,64,69,64,63,61,6d,6d,63,6a,62,6b,6c,
70,70,61,63,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NETGEAR\WNDA4100\Service\RaRegistry.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-08-02 15:04:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 05:04
ComboFix2.txt 2012-07-30 00:22
.
Pre-Run: 198,493,396,992 bytes free
Post-Run: 198,356,041,728 bytes free
.
- - End Of File - - FE11F184AE01850462E659418D2E69D6

Jay Pfoutz · Aug 2, 2012

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Stui Wilson · Aug 4, 2012

Sorry about the late reply been working late. Here is the report for the latest scan
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1eeff7b3bf88cd4f912a399cad58e6eb
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-31 11:33:53
# local_time=2012-07-31 09:33:53 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 34863539 95366759 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86868
# found=0
# cleaned=0
# scan_time=2465
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1eeff7b3bf88cd4f912a399cad58e6eb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-04 05:43:47
# local_time=2012-08-04 03:43:47 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 35177319 95680539 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=174099
# found=0
# cleaned=0
# scan_time=13279

Jay Pfoutz · Aug 5, 2012

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance
Select System
On the left select Advance System Settings and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name I.e. Clean
Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users and accept the warning if you get one
In the drop down box select your main drive I.e. C
For a few moments the system will make some calculations:
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

Cleaned System Restore
Ran OTC
Ran TFC
Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Stui Wilson · Aug 7, 2012

Hi, sorry for the delay have been working late nights,
I ran every thing you said to and it all appears to be working well here is the latest reportr

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 32
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Jay Pfoutz · Aug 7, 2012

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Any other questions before I mark this topic solved?

Stui Wilson · Aug 8, 2012

Thanks very much, updated and everything seems to be running well. Thanks very much!

Solved Sirefef/1 minute reboot

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Posts: 4,279 +49

Posts: 15 +0

Similar threads