
I have a trojan virus and I'm not sure how to remove it.


22 replies to this topic

#1 sam_man


Posted 23 September 2012 - 05:47 PM

OK, so I have a trojan virus, and when I get Malwarebytes Anti-Malware to delete it, it re-spawns on reboot. The problem began last night when I tried to turn on my computer and it gave me the Startup Repair screen, and it said it couldn't fix anything, but then I was able to reboot and log onto Windows normally. So I assumed it was a hardware problem, so I tried to run chkdsk c: /r on reboot, but it gave me an error: "Cannot open the volume for direct access. Autochk cannot run due to an error caused by recently installed software package. (My guess is the recently installed software is the trojan itself). Use the system restore feature from the control panel to restore the system to a point prior to the recent software package installation. An unspecified error occurred (766f6c756d652e63 3f1)." I tried to do a system restore, but the oldest save was only 2 days ago; I'm guessing that's when the trojan installed itself.

So here's the mbam log from the virus scan:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
iPwnGaming :: IPWNGAMING-PC [administrator]

9/23/2012 5:32:48 PM
mbam-log-2012-09-23 (17-32-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222905
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 6064 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)



Edit: The computer is very slow and laggy and has lots of "Not respondings", but after I delete the "C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK)" my computer speeds up, but on reboot it slows down again because that virus/trojan respawns.

Edited by sam_man, 23 September 2012 - 05:49 PM.




#2 InadequateInfirmity


Posted 23 September 2012 - 05:49 PM

Update, do a quick scan with Superantispyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


Post the log here.



Then run a scan with ESET, remove all that it finds, reboot your machine, and if the issue persists see below.
http://www.eset.com/us/online-scanner/

When the scan finishes: list found threats, save to clipboard, post to Notepad. Post the log here.



Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


Edit: Do you have your operating system disk?

Edited by InadequateInfirmity, 23 September 2012 - 05:56 PM.


#3 sam_man


Posted 23 September 2012 - 06:00 PM

Thank you very much for responding so quickly! I'm in the process of running Superantispyware and I will post here whenever I complete both of the scans. Thanks again.

Edit: I have a disk that has my OS backed up on it that I had to make myself through ASUS backup. So I'm pretty sure it has the OS on it.

Edited by sam_man, 23 September 2012 - 06:16 PM.


#4 InadequateInfirmity


Posted 23 September 2012 - 06:14 PM

No rush; when you have posted all requested logs I will respond. :)

#5 sam_man


Posted 23 September 2012 - 09:43 PM

All Superantispyware found were some tracking cookies, nothing that seemed that harmful.

Here's what ESET found and quarantined:
C:\ProgramData\Microsoft\Windows\DRM\D8B.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\DF9.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\Users\iPwnGaming\AppData\Roaming\Mozilla\Firefox\Profiles\dvy0dvfp.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined

I'll edit after I reboot and see if they're still there.

#6 InadequateInfirmity


Posted 23 September 2012 - 09:48 PM

I need the farbar minitoolbox and adware cleaner logs.

Also run a scan with Fsecure online scanner
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/143

Run Rkill prior to running the fsecure online scan and post both logs please.
http://download.bleepingcomputer.com/dl/7b48f8061b45a14abefd919f31a46522/505fc9db/windows/security/security-utilities/r/rkill/rkill.exe

After you complete the above, run rkill again, update Malwarebytes, and run a quick scan.

Edited by InadequateInfirmity, 23 September 2012 - 09:49 PM.


#7 sam_man


Posted 23 September 2012 - 09:57 PM

Wait, so do you want the above that you just posted before the FarbarServiceScanner and MINITOOLBOX? After rebooting it doesn't seem to have been fixed.

Edit: Oops, nvm, discard my question lol; working on the FarbarServiceScanner and MINITOOLBOX now.

Edited by sam_man, 23 September 2012 - 09:58 PM.


#8 sam_man


Posted 23 September 2012 - 10:02 PM

Edit: Added the adware log at the bottom.

Here are both of the logs:

Farbar Service Scanner Version: 19-09-2012
Ran by iPwnGaming (administrator) on 23-09-2012 at 21:59:08
Running from "C:\Users\iPwnGaming\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




MiniToolBox by Farbar Version: 23-07-2012
Ran by iPwnGaming (administrator) on 23-09-2012 at 22:01:06
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : iPwnGaming-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-57-C3-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-3C-33-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-3C-33-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-3C-33-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:adac:77e1:1234:9c52:d0d0:3c9f:7c00(Preferred)
Temporary IPv6 Address. . . . . . : 2002:adac:77e1:1234:20b6:5604:bb3:26a4(Preferred)
Link-local IPv6 Address . . . . . : fe80::9c52:d0d0:3c9f:7c00%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 23, 2012 9:52:44 PM
Lease Expires . . . . . . . . . . : Tuesday, September 21, 2021 9:52:45 PM
Default Gateway . . . . . . . . . : fe80::21c:dfff:fecb:4c5%12
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 205530562
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-26-09-42-54-04-A6-1C-08-3D
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.2.1
209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-04-A6-1C-08-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1093:304:5253:881e(Preferred)
Link-local IPv6 Address . . . . . : fe80::1093:304:5253:881e%17(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2001:4860:4002:802::1006
74.125.227.0
74.125.227.1
74.125.227.2
74.125.227.3
74.125.227.4
74.125.227.5
74.125.227.6
74.125.227.7
74.125.227.8
74.125.227.9
74.125.227.14


Pinging google.com [74.125.227.98] with 32 bytes of data:
Reply from 74.125.227.98: bytes=32 time=20ms TTL=51
Reply from 74.125.227.98: bytes=32 time=25ms TTL=51

Ping statistics for 74.125.227.98:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 25ms, Average = 22ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=154ms TTL=49
Reply from 98.138.253.109: bytes=32 time=81ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 154ms, Average = 117ms
Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...64 d4 da 57 c3 7e ......Intel® Centrino® WiMAX 6150
14...40 25 c2 3c 33 ad ......Microsoft Virtual WiFi Miniport Adapter #2
13...40 25 c2 3c 33 ad ......Microsoft Virtual WiFi Miniport Adapter
12...40 25 c2 3c 33 ac ......Intel® Centrino® Wireless-N 6150
11...54 04 a6 1c 08 3d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.7 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.7 281
192.168.2.7 255.255.255.255 On-link 192.168.2.7 281
192.168.2.255 255.255.255.255 On-link 192.168.2.7 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.7 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.7 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::21c:dfff:fecb:4c5
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:9d38:6ab8:1093:304:5253:881e/128
On-link
12 33 2002:adac:77e1:1234::/64 On-link
12 281 2002:adac:77e1:1234:20b6:5604:bb3:26a4/128
On-link
12 281 2002:adac:77e1:1234:9c52:d0d0:3c9f:7c00/128
On-link
12 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::1093:304:5253:881e/128
On-link
12 281 fe80::9c52:d0d0:3c9f:7c00/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/23/2012 09:41:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/23/2012 07:53:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/23/2012 07:53:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/23/2012 07:47:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1524
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/23/2012 06:27:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1240
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/23/2012 06:22:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x13a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/23/2012 05:59:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1550
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/23/2012 05:34:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x17b0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/23/2012 05:28:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1214
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/22/2012 11:15:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1038
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (09/23/2012 09:54:42 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/23/2012 09:54:42 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2012 07:47:34 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/23/2012 07:47:34 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2012 05:38:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (09/23/2012 05:34:06 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/23/2012 05:34:06 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2012 05:15:52 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/23/2012 05:15:52 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/22/2012 10:49:15 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (09/23/2012 09:41:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\iPwnGaming\Downloads\esetsmartinstaller_enu.exe

Error: (09/23/2012 07:53:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\iPwnGaming\Downloads\esetsmartinstaller_enu.exe

Error: (09/23/2012 07:53:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\iPwnGaming\Downloads\esetsmartinstaller_enu.exe

Error: (09/23/2012 07:47:47 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3152401cd99edfef54c6b\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll752f46b3-05e1-11e2-b275-5404a61c083d

Error: (09/23/2012 06:27:08 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3124001cd99e2a0922431\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll30d3f039-05d6-11e2-b3ca-5404a61c083d

Error: (09/23/2012 06:22:42 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c313a001cd99df20240dd9\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll92643705-05d5-11e2-b3ca-5404a61c083d

Error: (09/23/2012 05:59:34 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3155001cd99db945ba9b9\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll57005368-05d2-11e2-b3ca-5404a61c083d

Error: (09/23/2012 05:34:09 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c317b001cd99db573f84f4\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllca3149f8-05ce-11e2-b3ca-5404a61c083d

Error: (09/23/2012 05:28:28 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3121401cd99d8d2220037\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllfeb062c9-05cd-11e2-b4e1-5404a61c083d

Error: (09/22/2012 11:15:53 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3103801cd994047641c3b\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll5cf7a864-0535-11e2-893c-5404a61c083d


=========================== Installed Programs ============================

Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Photoshop CS6 (Version: 13.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Assassin's Creed
Assassin's Creed II
ASUS AI Recovery (Version: 1.0.23)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.2.0)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0040)
ASUS Virtual Camera (Version: 1.0.25)
AsusScr_G74 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.5.103)
ATK Package (Version: 1.0.0015)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0)
Autodesk Backburner 2012.0.0 (Version: 2012.0.0)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2012 (Version: 2.5.0.8)
AutoHotkey 1.1.05.06 (Version: 1.1.05.06)
Battlefield 3™ (Version: 1.0.0.0)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.110.0)
Best Buy Connect (Version: 3.00.68)
Best Buy pc app (Version: 3.2.2.1)
Blender (Version: 2.61-release)
Bonjour (Version: 3.0.0.10)
Call of Duty 4: Modern Warfare
Call of Duty Black Ops - Mod Tools (BETA)
Call of Duty Black Ops - Remote Console
Call of Duty® 2 (Version: 1.2)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Capsule (Version: 1.0.000)
CCleaner (Version: 3.15)
Composite 2012 64-bit (Version: 7.0.0)
Curse Client (Version: 5.1.1.410)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III (Version: 1.0.2.9950)
DirectX 9 Runtime (Version: 1.00.0000)
DiRT 3
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
ExpressGateCloud (Version: 2.6.27.160)
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
Far Cry 2
Fortix
Fraps
Fresco Logic USB3.0 Host Controller (Version: 3.5.30.0)
GameFast.exe (Version: 1.0.0.1)
Google Chrome (Version: 21.0.1180.89)
Grand Theft Auto IV
Grand Theft Auto IV (Version: 1.00.0000)
GRID
GTA2 (Version: 1.00.001)
Homefront
iFunbox (v1.99.958.697), iFunbox DevTeam (Version: v1.99.958.697)
Impulse® (Version: 3.29)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
iTunes (Version: 10.5.3.3)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 7 Update 2 (64-bit) (Version: 7.0.20)
Java™ SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
JavaFX 2.0.2 SDK (64-bit) (Version: 2.0.2)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Just Cause 2
Kaspersky PURE 2.0 (Version: 12.0.1.288)
L.A. Noire: The Complete Edition
Magicka
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mumble 1.2.3 (Version: 1.2.3)
Napoleon: Total War
Need for Speed™ Hot Pursuit (Version: 1.0.0.0)
Need for Speed™ ProStreet (Version: 1.0.1.0)
Neverwinter Nights 2: Platinum
Nuance PDF Reader (Version: 6.00.0041)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenAL
Origin (Version: 8.5.2.23)
PAYDAY: The Heist
PDF Settings CS6 (Version: 11.0)
Portal
Portal 2
PunkBuster Services (Version: 0.988)
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6564)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001)
Rotation Desktop for G Series.exe (Version: 1.0.0.9)
Roxio AACS Certificate (Version: 1.0.0)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer (Version: 5.8.58232.1)
Saints Row: The Third
SHIFT 2 UNLEASHED™ (Version: 1.0.0.0)
Sniper Elite V2
Sniper: Ghost Warrior
Speccy (Version: 1.14)
Steam (Version: 1.0.0.0)
SteamTool 1.1 (Version: 1.1)
Super Meat Boy
SUPERAntiSpyware (Version: 5.5.1016)
Synaptics Pointing Device Driver (Version: 15.3.43.0)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
System Requirements Lab for Intel (Version: 4.5.3.0)
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
THX TruStudio (Version: 1.03.01)
Tom Clancy's Rainbow Six: Vegas
Unity (Version: )
Unity Web Player (Version: )
Unreal Development Kit: 2011-12
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.0)
Wireless Console 3 (Version: 3.0.27)
World of Warcraft (Version: 5.0.5.16057)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 8169.16 MB
Available physical RAM: 4787.34 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 12365.42 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.66 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:36.39 GB) NTFS
2 Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:209.18 GB) NTFS
3 Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS

========================= Users: ========================================

User accounts for \\IPWNGAMING-PC

Administrator Guest iPwnGaming
UpdatusUser


**** End of log ****

And the Adware log

# AdwCleaner v2.003 - Logfile created 09/23/2012 at 22:03:57
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : iPwnGaming - IPWNGAMING-PC
# Boot Mode : Normal
# Running from : C:\Users\iPwnGaming\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\iPwnGaming\AppData\Roaming\Mozilla\Firefox\Profiles\dvy0dvfp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\iPwnGaming\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1261 octets] - [23/09/2012 22:03:57]

########## EOF - C:\AdwCleaner[S2].txt - [1321 octets] ##########

Edited by sam_man, 23 September 2012 - 10:07 PM.


#9 InadequateInfirmity

Posted 23 September 2012 - 10:08 PM

Your hosts file is blank; let's fix that.

Open an elevated command prompt, then copy and paste the following one at a time, hitting enter after each.

cd C:\windows\system32\drivers\etc

takeown /a /f hosts

cacls hosts /p everyone:f

Reply Y, then copy and paste the text below, hitting enter after.

attrib -s -h -r hosts

Close the command prompt window.

Go here and run the Fix it for the hosts file, as admin.
http://support.microsoft.com/kb/972034

After the Fix it runs, reboot; the hosts file should be restored to original.

Run the Fix it below as admin.

http://go.microsoft.com/?linkid=9728872

Run the program below as admin, hit the scan button, allow it to finish, then hit the delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Hit the Start button and type services.msc, scroll down to the DNS Client service, right-click it and select Properties, then change the startup type to Disabled. Then stop the service.

Reboot your machine.

Download Security Check by screen317 from here.
http://screen317.spywareinfoforum.org/SecurityCheck.exe

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by InadequateInfirmity, 23 September 2012 - 10:09 PM.
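
A read-only way to confirm the state that the steps in the post above change, added here as an example (it is not part of the thread or of any tool the thread mentions): it reports whether the hosts file is still empty, which attributes it carries, whether the Everyone write access granted by the cacls step is still in place, and how the DNS Client service is set. `Get-HostsAudit` is a hypothetical name, and the script assumes Windows PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example: read-only audit of what the steps above touch.
# Written for Windows PowerShell 2.0+ (the version shipped with Windows 7).
# Get-HostsAudit is a hypothetical name; nothing here modifies the system.

function Get-HostsAudit {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }

    # -Force: the file is still returned if it carries Hidden/System attributes.
    $item = Get-Item -LiteralPath $Path -Force

    # Active entries = what is left of each line once comments are stripped.
    $entries = @(Get-Content -LiteralPath $Path -Force |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ })

    # Names mapped to anything other than loopback or the 0.0.0.0 sink are
    # redirections and are worth reviewing one by one.
    $local = '127.0.0.1', '::1', '0.0.0.0'
    $redirects = @($entries | Where-Object { $local -notcontains ($_ -split '\s+')[0] })

    # Resolve ACEs to SIDs so the check does not depend on the OS language.
    # S-1-1-0 is Everyone, the principal given full control by the cacls step.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $write   = [System.Security.AccessControl.FileSystemRights]::WriteData
    $everyoneCanWrite = $false
    foreach ($ace in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $write)) {
            $everyoneCanWrite = $true
        }
    }

    # Get-Service exposes no start mode on PowerShell 2.0, so query WMI instead.
    $dns = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"

    New-Object PSObject -Property @{
        Path             = $Path
        Exists           = $true
        SizeBytes        = $item.Length
        Attributes       = $item.Attributes.ToString()
        ActiveEntries    = $entries.Count
        Redirects        = $redirects
        EveryoneCanWrite = $everyoneCanWrite
        DnsClientMode    = $dns.StartMode
        DnsClientState   = $dns.State
    }
}

Get-HostsAudit | Format-List
```

A hosts file that Everyone can write to lets any process on the machine add redirections, so `EveryoneCanWrite : True` after the cleanup is a finding to follow up.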


#10 InadequateInfirmity

Posted 23 September 2012 - 10:14 PM

Do this now.



Also run a scan with Fsecure online scanner
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/143

Run Rkill prior to running the fsecure online scan and post both logs please.
http://download.bleepingcomputer.com/dl/7b48f8061b45a14abefd919f31a46522/505fc9db/windows/security/security-utilities/r/rkill/rkill.exe

After you complete the above, run rkill again, update Malwarebytes and run a quick scan.

#11 sam_man

Posted 23 September 2012 - 10:33 PM

Could you repost the rkiller link please? It expired before I got to it. I ran the stuff with cmd and did the stuff to hosts. I ran those Microsoft Fix it links too, and RogueKiller. I'm running the Security Check by screen317 and it's on the "performing system health check" part right now.

Here's the log report. Btw, my Kaspersky license is expired; that's why it's out of date.

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky PURE 2.0
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.3.300.270 Flash Player out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Edited by sam_man, 23 September 2012 - 10:38 PM.


#12 sam_man

Posted 23 September 2012 - 10:58 PM

I did a scan and this is what I got on Fsecure

(I didn't get to download Rkill since the link was expired):

Scanning Report
Sunday, September 23, 2012 22:59:11 - 23:36:55

Computer name: IPWNGAMING-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ E:\
No malware found
Statistics
Scanned:

Files: 130656
System: 7800
Not scanned: 256

Actions:

Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\0264F7FA130030EC4B0B9D7D6226F04C91198EA9.HOMEGROUPCLASSIFIER\34D9A9506F950A916D1EC820620F7A9F\GROUPING\DB.MDB
C:\USERS\IPWNGAMING\APPDATA\LOCAL\TEMP\HSPERFDATA_IPWNGAMING\6860
C:\USERS\IPWNGAMING\APPDATA\LOCAL\TEMP\HSPERFDATA_IPWNGAMING\720
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F1B2B092B37E861CAE6A6AC67DEDF0E_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73F8B6E7C4B6E6AFF1E334D68B11092A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\747C7C6A0135032B7F10BF02B52BF7AF_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\790D0ECF962CFA8E61B05D459580808B_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\794A93E46AB0DC94D48EEF16238FA181_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7973D1F8857E5573085FEB191F7C813E_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79A56FC6E22E5FF41179A40F2C7976C5_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F5776CB2A1ABFFC67F95CA75FF79411_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A504A03AA0A3BB5F3FD21E44AF644F4_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82F5E3363565773E591201409ECE7950_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8490C11021C9D114C00DEA66308065E0_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84E0B21F039EC905427FAD76CAFE814C_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\851978E33E7EFEC481960A6AA5B303CA_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\855B0EA2FC4E2DB41C2856586B92D44E_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8818E97D4D6F07B2D1028B724124AD16_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89355B01C805B5553EA7705E1A7787E6_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\894F671478F45DE7170B01EFF1D6B597_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DFA12F9C1A168F2F34C577D2F570F75_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\901C67192CF455D7CF7B7BF84F2CD17C_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\90B0A871CF8DDA7C3E445467CF9EF250_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91CD41FB4D7A321A5614150E6492C965_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92436B84E0437F16961877588BECD258_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9571D38D69F9140EF4616A0C55E3F07A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\960E18C145C1D64B833D579D822D0D88_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9674283F5E5B142CE5C489C1BBA974D4_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97C2DF3B1F3DE38EA459FE26C18BE27A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98BD5468840E8CAD91FE4B042F29EE1F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\990C62EC8636A053CE64DA82A166BE88_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\995480B9B41C3D3BA7A1D600E6A83E0B_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99E5A39C90F3FCC515D7747111BBD7DB_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A241649569C71CE1658733FCCE08F36_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AF52244DD43DAA1A018D7EDC425C99A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C88CD6FA578820D92E4655916E9B80D_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D45267B17C2A990EABB285A4016EB29_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E041B580C111E91AC2001E86E88875E_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E1AFE1C6DC4818E33104705672AB197_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1E86D0ABBC24E28CCFD6BA779396669_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A26953946627FEE0C7CD1AAD9933959A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A91AC3E629D468D4482762CFA70390D3_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA8A427C3545935C0204D738B5EEBEFD_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA4D3C939033FDE6DD863931E4D3DC5F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABE742E5932752F9ADCDEF9B1500FC0B_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC09D6C28B39446954284B38B7560A85_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD53A8BEF515ED428EA21B663D7979DA_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AEFD27045E99CEB3BD314359D988F334_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFD05A9BB247E8714D7CE38A1E7DDE91_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0B65B86AE09C24F55152D27C3391963_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0F9D9105BE90126B526198DFE4594C3_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B25510C993F03C13A4163CDFA99D6751_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B357B1961A0D2705D90DE5BB67E5D2D8_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4489E61D1C3A6AA3E9E92419688863F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5F072233E0168DE655B13F95E2CFFAC_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5502A89542569CA6D4E1C7AC4CEA6CB_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B72951EB11B8E93CC458BA06B03461A7_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9EDE401E18923FD96B1A0867D2D1C05_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA2C26666ECF5881751DB97A2889FAC4_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA2C3CA6CE52734E9B6065562AAB60AC_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA791E4607EAB99EC4AAAEA2A4AE6EAF_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB28AF1C0172611DE8EF712D704C6ED1_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB2F07D6A73DA6DCFEDDA9008D91AC78_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC24A86F88FABC17148D9D5BEDB80174_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDC57D997B28651AB5417E44707A6BD6_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDE1AE3444649E04F405B660CCF135F7_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C03EEE7B7AC5B0ECF4F9CA4C78B21B9F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE996F106550622C6A84927B73931C65_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0FB19E79FE0DEADA1701637C675F186_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C17050B07FB4BC03230DD82D7E9DFCBF_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C22188604D8F7632FF83E2C8D3FCA1A0_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C48C8A54E68C0718554D808A74E980CF_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5E14631D0E3F508BCF2E1E6332E8A21_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C61E097C3407C44D9C094336DF19F10A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C819C4267C5558AD26BBA5ADD883CA06_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C654B831850031B6D0CA9DE0CBCBA988_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8776B06FF50ADD4E39C67427EB5B5F6_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB2D3C7B33F8A1CCFFEB360A488B7E07_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC6CDE1DD5F46BA5F27451898938D7F8_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFA4D9859C92DDEFA0D1278FE4B720E3_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0D75217970985FEFCAD8AA9BCC4180C_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1D6A63A57B94CF6B44F24C3D8D23EE2_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3B42D5BCA7BE882B06E27A21F0BE328_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D741985EC207C49E750E22F6BB2BB5D5_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9D10093C76BDD51CD415F3A13E9659F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA4017AAE84C159050DAE5490B7FDFDE_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBE3E58A7B872A3C411C999D546E0A35_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC0FFD83AA26E9B45B0D9D133B38065D_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC13B4C179745A2DC6793554DA438B27_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC3CB32966177FA2EB4E3DF543705D06_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD301B981824D59538C970FA20C2985E_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD44F645421DDBD671335F64105D87DE_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DDAD7D76DC71DFA3E9EFDE4C0330F616_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEA1B884AFF73033B2E3809B73CF1C74_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E12CF73B521A8B1FD60CD61E9BFC2A67_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2331D8FB79CCE3C456CA300282D53A1_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E24E06F625B66FB22EE9530461F1B7B5_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E27574913B13977EF56A3ACFE1167162_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2AC819FB04E001D23805E1B8F1C3081_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E402CEE85DF8C757AA4648AD62E923DD_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E38D1202B5B225AFFBDFCACFD29DD0B8_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E54F60C6755B18BDEFEA21885D76C162_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5ECED17530694299D3FD5A5D0DA1867_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6DFA65E1F258CCF23CD0748F378A8E4_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E70678D614CE74FFE4A27CE8CA5F599B_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7DB870DAF4FAC46A241FC9CD0B42E8A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E93A9AA2C81B516339954C989887DD96_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBBCBA17D671C2362FCA9144EB7F6234_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC19C13FC14D8E735D26378E9E5A4544_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED582E425C584912CBE147D1CA8776F2_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE6706704A5A1B730124F48CAB6E24C8_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EEE04E6172AA2A12C09DA64BED8B3475_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF3BA8E364F03600ECC403110E3F1E82_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFE3A3C8A2CAD4F230871C285674737C_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F15AFAAF456CF8BEF1EBC8132CD98659_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2CB0B5C68B3072DA912AC14BCD10A38_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2C57325D511ACFA3B06FB3C6E9A4C1C_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F38F6B3C586C8D22E0C9548A92ABD997_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F36570BC5DED299198FB8FD263011AE6_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4F8296D1E96BE98A9A1F75F9C7A2A07_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5DE144810C0D979836BF3871F635722_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5EAB7145F411756E53ECF7CDB44C640_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F809B5D2AD54D6B4DCE1EEF1D4D608DC_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9321D60DBD9E9D2D62B38C5AE227E15_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9FCB024EC2CA38AE47E4D4B5A8E9FD2_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA1523D3287900A340EB6ACD611843A7_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA97269E7E172775A9609FCEAE2BB67A_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB7204B96ED0EDC15772F146439EA5DC_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC71BE7CE01A04A70818A8A67D9604E0_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE8CAEE67131096A60D3DEACCF9A0386_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC66AE13074BEA73E1442C8008DDC24F_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF1F842F8A2C8BEB08D578E3F048B819_65BE7BCB-EA82-410A-9EDA-935ADB3832E6
C:\BOOT\BCD

Edited by sam_man, 24 September 2012 - 12:22 AM.


#13 sam_man

Posted 24 September 2012 - 12:02 AM

I also ran this Rkill that I found here (http://www.bleepingcomputer.com/download/rkill/dl/11/) (Note: I ran Rkill after I ran the above posted log).
After that I ran MBAM again which found those 3 same viruses/trojans and they still reappeared after reboot (the MBAM log is on this post below the Rkill log):

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/23/2012 11:57:11 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/23/2012 11:57:17 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)





Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
iPwnGaming :: IPWNGAMING-PC [administrator]

9/23/2012 11:57:49 PM
mbam-log-2012-09-23 (23-57-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224930
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5460 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Edited by sam_man, 24 September 2012 - 12:30 AM.


#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:07:54 AM

Posted 24 September 2012 - 04:24 AM

Download TDSSKiller:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Right-click it and Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

#15 sam_man

Posted 24 September 2012 - 03:50 PM

Hmm, it didn't seem to give me a log that I could copy and paste, but I took a screenshot here: Posted Image. Do you want me to run the scan again and delete the skipped detected file? I wasn't sure whether or not to skip it, since it had skip on there by default.

Here's the one with the detected:
Posted Image

So after the reboot I ran MBAM again, and the Kaspersky anti-rootkit had apparently removed the trojan which MBAM had earlier said was located in the memory. MBAM then removed the svchost.exe in C:\windows. Now here's what MBAM says is left, and this one is the one that slows down my computer and keeps reappearing:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
iPwnGaming :: IPWNGAMING-PC [administrator]

9/24/2012 4:09:58 PM
mbam-log-2012-09-24 (16-19-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224698
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> No action taken.

(end)

Edited by sam_man, 24 September 2012 - 04:23 PM.




