Please help Sirefef trojan and now my PC wont boot correctly


101 replies to this topic

#1 DonnieDarko831


Posted 16 May 2013 - 05:42 PM

Mod Edit:  Moved from Am I Infected to Malware Removal Logs - Hamluis.

 

Hi, Can somebody please help??
The other day on my PC, I clicked to close a popup saying I needed to update my flash player.
It wasn't Adobe but looked very similar so I clicked the 'X' to close it. A window then popped up and vanished. Almost instantly after, I got a warning saying that Windows Defender had been turned off. When I clicked the shield to look at it, my PC hung and crashed.
I rebooted it and ran Malware Bytes to remove anything that might have infected my PC and it found 1 file.
I ran Avast Antivirus, which found nothing.
I rebooted the PC again but as it loaded, the initial welcoming screen appeared, then the mouse cursor but then the screen went black. I could still move the mouse cursor but do nothing else.
I reset the PC and entered Safe mode with Networking to try and find a solution. When I opened up Google Chrome, a warning came up that said Infection with Sirefef.Gen C! and suggested to run Microsoft Security Essentials.
So, I downloaded it to find I couldn't install it in safe mode.
I can't run my PC in normal mode and don't know how to get it to any form of stability.
I've since rebooted a couple times and now my PC doesn't even run in safe mode, it loads up and stays on a black screen with a working mouse pointer.
 
My PC is :
i5 2500 CPU
8 GB Ram
64bit W7 OS Ultimate
 
I do have an old 32 bit version of windows on another hard drive so I booted that but can't get any internet access to update MSE and also can't carry out any boot scan on the other drive that the 64bit OS is on.
 
Hopefully somebody can help me out of this mess.
Your expertise is greatly appreciated.


*Moderator Edit: Moved topic from Windows 7 to the appropriate forum. ~ Queen-Evie*


Edited by hamluis, 17 May 2013 - 10:56 AM.
Move overlooked yesterday - Hamluis.



 


#2 Broni

  • BC Advisor

Posted 16 May 2013 - 06:57 PM

http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&dlc=en&docname=c00833257

 

I'll report this topic to appropriate helpers.

Hold on there....




#3 JSntgRvr

  • Malware Response Team

Posted 16 May 2013 - 07:40 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
  • If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.



#4 boopme

  • Global Moderator

Posted 16 May 2013 - 08:31 PM

Hello, just letting you know I moved this to Virus, Trojan, Spyware, and Malware Removal Logs where it will stay.



#5 DonnieDarko831

  • Topic Starter

Posted 17 May 2013 - 05:11 PM

Ok, done that thanks. Here's the log file listed below.
 
cheers
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2013
Ran by SYSTEM on 17-05-2013 22:57:54
Running from K:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware] H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [x]
HKLM-x32\...\Runonce: [Z1] cmd /c "H:\Documents\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s [x]
HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-04-12] (Razer USA Ltd)
HKLM-x32\...\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295512 2013-04-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [526336 2011-01-28] (Spigot, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] "H:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [86960 2006-03-20] (Macrovision Corporation)
HKLM-x32\...\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [x]
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "H:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [avast] "H:\Program Files (x86)\AVAST Software\Avast\avastUI.exe" /nogui [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "H:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [x]
HKU\Home Network Server\...\Run: [RocketDock] "H:\Program Files (x86)\RocketDock\RocketDock.exe" [x]
HKU\Home Network Server\...\Run: [updateMgr] H:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 [x]
HKU\Home Network Server\...\Run: [Steam] "H:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKU\Home Network Server\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Home Network Server\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-09-04] (NVIDIA)
HKU\Home Network Server\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Home Network Server\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [x]
HKU\Home Network Server\...\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Home Network Server\...\Run: [Google Update] "C:\Users\Home Network Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-23] (Google Inc.)
HKU\Home Network Server\...\Run: [DAEMON Tools Pro Agent] "H:\Program Files (x86)\Games\DAEMON Tools Pro\DTAgent.exe" -autorun [x]
HKU\Home Network Server\...\Run: [Akamai NetSession Interface] C:\Users\Home Network Server\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-16] (Akamai Technologies, Inc)
HKU\Home Network Server\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [1647448 2011-11-12] (IObit)
HKU\Mcx2-HOMENETWORKPC\...\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [x]
HKU\Mcx2-HOMENETWORKPC\...\Run: [Google Update] "C:\Users\Home Network Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-23] (Google Inc.)
HKU\Mcx2-HOMENETWORKPC\...\Run: [Akamai NetSession Interface] C:\Users\Mcx2-HOMENETWORKPC\AppData\Local\Akamai\netsession_win.exe [x]
HKU\Mcx2-HOMENETWORKPC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Mcx3-HOMENETWORKPC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
ShortcutTarget: Network Chat AutoStart.lnk -> H:\Program Files (x86)\Games\GameChat\Network Chat\Network Chat.exe (No File)
Startup: C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> H:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
 
==================== Services (Whitelisted) =================
 
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-02-12] (Adobe Systems)
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-05] ()
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()
S2 avast! Antivirus; "H:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe" [x]
S2 LEC TranslateDotNet Server; "H:\Program Files (x86)\Power Translator 12\LogoMedia TranslateDotNet Server.exe" [x]
S3 Microsoft Office Groove Audit Service; "H:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [x]
S3 TunngleService; H:\Program Files (x86)\Games\GameChat\Tunngle\TnglCtrl.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-11-20] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2011-11-20] (Windows ® Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-11-20] ()
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
S3 Ph6xIB64; C:\Windows\System32\DRIVERS\Ph6xIB64.sys [1512832 2009-06-10] (NXP Semiconductors GmbH)
S3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-03-03] (Duplex Secure Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-29] (C-Media Electronics Inc)
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [x]
S3 fiddrv64; \??\C:\Windows\fiddrv64.sys [x]
S3 fidpcidrv64; \??\C:\Windows\fidpcidrv64.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [x]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-17 22:57 - 2013-05-17 22:57 - 00000000 ____D C:\FRST
2013-05-13 16:05 - 2013-05-13 16:05 - 00002243 ____A C:\Windows\epplauncher.mif
2013-05-13 15:59 - 2013-05-15 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-13 14:48 - 2013-05-13 15:24 - 06006499 ____A C:\Users\Home Network Server\Desktop\2013_AWHP SYSTEM_Technical Masters_Envirosorb 3.pptx
2013-05-13 14:42 - 2013-05-13 14:42 - 53624832 ____A C:\Users\Home Network Server\Desktop\Training_aroTHERM_VWL x5_2_UK 190413.ppt
2013-05-13 13:03 - 2013-05-13 13:03 - 00000940 ____A C:\Users\Home Network Server\Desktop\Should I Remove It.lnk
2013-05-13 13:03 - 2013-05-13 13:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-10 15:06 - 2013-05-10 15:15 - 4290903984 ___AC C:\RAMDisk.img
2013-05-10 15:06 - 2013-05-10 15:12 - 4290903984 ___AC C:\RAMDisk.img.bak
2013-05-10 14:53 - 2013-05-10 14:55 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Dataram_Corporation
2013-05-05 17:40 - 2013-05-05 17:40 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-04-23 21:36 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders =======
 
2013-05-17 22:57 - 2013-05-17 22:57 - 00000000 ____D C:\FRST
2013-05-17 13:46 - 2011-04-08 18:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-17 13:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-17 13:25 - 2012-08-07 13:14 - 00011119 ____A C:\Windows\setupact.log
2013-05-15 12:00 - 2012-08-07 13:36 - 00080538 ____A C:\Windows\PFRO.log
2013-05-15 11:33 - 2013-05-13 15:59 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-15 11:33 - 2012-06-22 01:36 - 00000000 ____D C:\ProgramData\FLEXnet
2013-05-15 11:33 - 2011-04-07 13:51 - 00000000 ____D C:\users\Home Network Server
2013-05-15 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2013-05-15 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-15 11:30 - 2011-04-07 20:50 - 01264826 ____A C:\Windows\WindowsUpdate.log
2013-05-15 11:28 - 2009-07-13 21:13 - 00792716 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-13 16:49 - 2011-05-21 11:49 - 00000000 ____D C:\Windows\pss
2013-05-13 16:07 - 2012-02-26 03:26 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\Dropbox
2013-05-13 16:05 - 2013-05-13 16:05 - 00002243 ____A C:\Windows\epplauncher.mif
2013-05-13 15:27 - 2011-04-12 12:48 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Deployment
2013-05-13 15:24 - 2013-05-13 14:48 - 06006499 ____A C:\Users\Home Network Server\Desktop\2013_AWHP SYSTEM_Technical Masters_Envirosorb 3.pptx
2013-05-13 15:23 - 2011-07-23 15:29 - 00000964 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555052361-1710578400-1272498390-1000UA.job
2013-05-13 15:23 - 2011-07-23 15:29 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555052361-1710578400-1272498390-1000Core.job
2013-05-13 15:09 - 2011-07-17 14:15 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-13 14:42 - 2013-05-13 14:42 - 53624832 ____A C:\Users\Home Network Server\Desktop\Training_aroTHERM_VWL x5_2_UK 190413.ppt
2013-05-13 14:39 - 2012-08-02 13:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-13 13:03 - 2013-05-13 13:03 - 00000940 ____A C:\Users\Home Network Server\Desktop\Should I Remove It.lnk
2013-05-13 13:03 - 2013-05-13 13:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-13 11:09 - 2011-07-17 14:15 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-13 09:44 - 2011-11-20 16:44 - 00000308 ____A C:\Windows\Tasks\RtlDashSrvStart.job
2013-05-11 13:37 - 2011-04-15 16:40 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\CrashDumps
2013-05-10 15:15 - 2013-05-10 15:06 - 4290903984 ___AC C:\RAMDisk.img
2013-05-10 15:12 - 2013-05-10 15:06 - 4290903984 ___AC C:\RAMDisk.img.bak
2013-05-10 14:55 - 2013-05-10 14:53 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Dataram_Corporation
2013-05-10 09:51 - 2009-07-13 20:45 - 00020768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-10 09:51 - 2009-07-13 20:45 - 00020768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-05 17:44 - 2011-04-15 14:10 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\uTorrent
2013-05-05 17:40 - 2013-05-05 17:40 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-05 17:38 - 2011-10-23 14:21 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\vlc
2013-05-05 17:28 - 2013-02-11 15:22 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\ArmA 2 OA
2013-05-01 17:06 - 2011-04-07 14:18 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 10:20 - 2012-10-14 15:13 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\SwvUpdater
2013-04-28 15:08 - 2013-02-21 15:13 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\six-updater
2013-04-28 15:02 - 2013-02-11 15:05 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Play withSIX
2013-04-28 15:02 - 2012-10-25 16:15 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Downloaded Installations
2013-04-28 14:15 - 2012-02-12 14:46 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Microsoft Help
2013-04-20 16:01 - 2013-02-11 14:09 - 00000000 ____D C:\Users\Home Network Server\Desktop\Training docs
 
ZeroAccess:
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4B15.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4B4B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4BED.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4C23.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4CAB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4CE0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4D5E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4D64.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4D68.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4D80.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4DA3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4E34.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4E79.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4EA3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4ED3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4EED.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4F4D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4F63.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz4FA5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz514F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5155.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz51A7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz51B8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz51BA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz51C2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5416.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz54D4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz554E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz55F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz561E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5711.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5732.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5766.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz57FC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5820.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz58B3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz594A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz598A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz59E7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz59F3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5A1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5A32.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5AE1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5BBA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5C55.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5C83.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5CBA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5D81.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5DE6.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5F7A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5F93.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz5FBA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz609E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz60DA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz615C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6183.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz61B4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz61EE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz626A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6280.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz62E0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6331.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz643.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz64FE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6515.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz65C2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6630.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6709.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz671F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz672C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6732.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6865.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz68F9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz695.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz696D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6998.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6A6F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6A78.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6A96.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6AC1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6B29.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6B38.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6BCA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6BF8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6C7C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6C8C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6C9D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6CA5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6CAA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6CF4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6D4A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6DB4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6E15.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6E78.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6EBE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6F3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6F5A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6F5B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6F6F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz6FD4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7004.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz704.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz70A2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7476.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz74D9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7520.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7542.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7553.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz755C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz761D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7626.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz76FE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz78B7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz78E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7968.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz79FE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7A77.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7C62.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7C98.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7CA5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7CD1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7CFE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7DC9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7DDD.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7DED.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7F3C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7F97.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7FBB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz7FC9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz805E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz813A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8249.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz827A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz82B6.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz82B7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz82B8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz82B9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8427.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz84D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz84F7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz84F8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz84F9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz84FA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz852F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8568.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8571.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz85AB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz85D2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz85EA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8660.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz86DB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz883D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8859.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz88C2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8901.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz895A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz89B6.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz89B7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz89D2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8A68.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8B84.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8CDF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8CE5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8D73.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8E26.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8E27.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8E5B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8EF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz8FFF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9014.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz913A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9146.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz92FD.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9371.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9375.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9387.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9388.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9389.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz939A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz942C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz94B0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9512.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9536.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz95AA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz95B5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz95DA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz960A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz965B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9729.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz975F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz979E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9984.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz99E2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9B88.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9C82.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9CD5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9CE6.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9D5C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9E29.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9E51.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9EB2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9EFE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trz9F0D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA03B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA087.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA0D5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA0EB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA192.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA1B3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA225.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA253.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA292.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA2D4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA3EC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA454.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA45F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA462.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA476.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA4DC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA565.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA5C8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA5E0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA5FD.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA6D7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA73.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA731.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA784.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA890.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzA989.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAAB7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAAC1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAAFA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAB89.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAD0E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAD26.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzADF7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAE57.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAE7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzAE81.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB09E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB0F4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB16F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB20C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB381.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB3E0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB450.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB495.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB4C5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB586.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB5B1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB5B8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB5E1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB5EF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB6.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB6A9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB70B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB73D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB7DC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB7E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB7F3.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB81E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB8C0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB8DC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB8E2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB94.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB941.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzB99C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBA8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBAAF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBBDB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBC34.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBC3E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBCC2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBCCF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBD37.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBD80.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBDA1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBDAC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBE1B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBE8A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBECB.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBF17.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBF1A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBF50.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzBFED.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC0D8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC0D9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC263.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC32E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC40F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC48E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC4A8.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC507.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC50A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC54B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC5CE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC651.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC677.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC680.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC6B0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC6C9.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC71D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC82D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC87B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC97C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzC9CA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCA8E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCA9A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCAAE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCB2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCB77.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCC1E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCCC1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCDE1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCE2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCE22.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCE49.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCE4F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCE65.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCEAE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzCEEE.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD13C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD144.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD179.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD206.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD229.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD279.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD396.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD3DD.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD402.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD5EC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD63D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD69A.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD799.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD7FA.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD94E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzD957.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDA70.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDA92.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDB35.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDBC1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDC03.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDC0C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDC51.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDD07.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDDD5.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDE2F.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDE89.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzDF92.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE017.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE0E7.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE0EC.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE134.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE222.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE302.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE3F1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE3F4.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE40E.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE436.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE5BF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE619.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE65C.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE6D1.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE74B.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE761.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE782.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE8EF.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE957.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE96D.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzE9D2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzEA2.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzEB74.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzEB90.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzEBA0.tmp
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73}\U\trzEC9C.tmp
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Other Malware:
===========
C:\ProgramData\ezsidmv.dat
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-01 18:00:13
Restore point made on: 2013-05-02 18:00:13
Restore point made on: 2013-05-03 18:00:13
Restore point made on: 2013-05-04 18:00:13
Restore point made on: 2013-05-10 14:53:00
Restore point made on: 2013-05-10 14:57:14
Restore point made on: 2013-05-13 13:02:54
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8175.37 MB
Available physical RAM: 7254.39 MB
Total Pagefile: 8173.57 MB
Available Pagefile: 7282.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:18.82 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (Storage system) (Fixed) (Total:931.51 GB) (Free:171.06 GB) NTFS (Disk=3 Partition=1)
Drive f: (Primary System) (Fixed) (Total:150.89 GB) (Free:88.9 GB) NTFS (Disk=0 Partition=2)
Drive g: (Documents) (Fixed) (Total:147.1 GB) (Free:139.02 GB) NTFS (Disk=0 Partition=3)
Drive h: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Recorded TV) (Fixed) (Total:279.46 GB) (Free:238.21 GB) NTFS
Drive j: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
Drive k: (FLASH DRIVE) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32 (Disk=4 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2B832B82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: DEABCF33)
Partition 1: (Not Active) - (Size=279 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 15B21369)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=119 GB) - (Type=42)
Partition 4: (Not Active) - (Size=344 KB) - (Type=42)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0A3160EA)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
 
 
Last Boot: 2013-05-03 17:15
 
==================== End Of Log ============================


#6 DonnieDarko831


Posted 17 May 2013 - 05:35 PM

Do I hit the 'fix' tab now?



#7 JSntgRvr


Posted 17 May 2013 - 07:04 PM

Not yet.

 

Run FRST as you did before.
 

Type the following in the edit box on FRST, after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 DonnieDarko831


Posted 18 May 2013 - 04:35 PM

OK, done that, thanks.
 
Farbar Recovery Scan Tool (x64) Version: 17-05-2013
Ran by SYSTEM at 2013-05-18 22:22:31
Running from K:\
Boot Mode: Recovery
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
 
====== End Of Search ======
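
The comparison this Search.txt log supports, as an added example that is not part of the original posts or of FRST: parse the entries and check whether the live `services.exe` matches any copy in the WinSxS component store. The function names and the assumed line layout (inferred from the two entries above) are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Two entries copied from the Search.txt log in post #8 of this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Assumed layout of a detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive path


def parse_search_log(text):
    """Return one dict per file: a path line followed by its detail line."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entry = m.groupdict()
            entry["path"] = pending
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending = None
    return entries


def compare_with_component_store(entries):
    """Compare each non-WinSxS copy with the WinSxS copies of the same file name.

    The store can hold several versions of one binary, so a live copy is a
    "match" if its MD5 equals any store copy, a "mismatch" if it equals none,
    and "no-reference" when the log lists no store copy at all.
    """
    groups = defaultdict(lambda: {"store": [], "live": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        kind = "store" if "\\winsxs\\" in e["path"].lower() else "live"
        groups[name][kind].append(e)

    findings = []
    for group in groups.values():
        store_md5 = {s["md5"] for s in group["store"]}
        for live in group["live"]:
            if not store_md5:
                verdict = "no-reference"
            elif live["md5"] in store_md5:
                verdict = "match"
            else:
                verdict = "mismatch"
            # Fields that equal a store copy's value: these do not separate a
            # replaced binary from a genuine one and should not be relied on.
            same = [f for f in ("created", "modified", "company")
                    if any(s[f] == live[f] for s in group["store"])]
            findings.append({
                "path": live["path"],
                "md5": live["md5"],
                "verdict": verdict,
                "live_size": live["size"],
                "store_sizes": sorted(s["size"] for s in group["store"]),
                "same_metadata": same,
            })
    return findings


if __name__ == "__main__":
    for f in compare_with_component_store(parse_search_log(SEARCH_LOG)):
        print(f["verdict"], f["path"], f["md5"],
              "size", f["live_size"], "vs store", f["store_sizes"],
              "| identical metadata:", ", ".join(f["same_metadata"]) or "none")
```

On the logged entries, the System32 copy is reported as a mismatch even though its timestamps and company name equal the store copy's; only the size and MD5 differ. A match means the file is identical to a store copy listed in the log, nothing more, and MD5 is used here because it is what the log records.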


#9 JSntgRvr


Posted 18 May 2013 - 08:29 PM

Download the enclosed file.

Save it next to FRST in the USB drive.

Run FRST as you did before, except that this time around click on the fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If able to, follow these steps:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

 

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\ComboFix.txt".

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

 

 

 




#10 DonnieDarko831


Posted 19 May 2013 - 11:40 AM

Hi,

OK. Re-ran FRST and clicked fix with the 'fixlist' attached.

Tried to reboot in normal mode but still no luck.

I thought I might have done something wrong so re-ran the fixlist, but by the look of it, it has already removed the associated services.

Still no successful boot-up.

Listed as below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2013
Ran by SYSTEM at 2013-05-19 17:23:27 Run:2
Running from K:\
Boot Mode: Recovery
==============================================
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Security 360 => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IAStorIcon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 7.0 => Value not found.
HKEY_USERS\Home Network Server\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock => Value not found.
HKEY_USERS\Home Network Server\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr => Value not found.
HKEY_USERS\Home Network Server\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value not found.
HKEY_USERS\Mcx2-HOMENETWORKPC\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value not found.
HKEY_USERS\Mcx2-HOMENETWORKPC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKEY_USERS\Mcx3-HOMENETWORKPC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\ProgramData\Start Menu\Programs\Startup\Network Chat AutoStart.lnk not found.
H:\Program Files (x86)\Games\GameChat\Network Chat\Network Chat.exe not found.
C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk not found.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
H:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE not found.
avast! Antivirus => Service not found.
LEC TranslateDotNet Server => Service not found.
Microsoft Office Groove Audit Service => Service not found.
TunngleService => Service not found.
ASNDIS4 => Service not found.
fiddrv64 => Service not found.
fidpcidrv64 => Service not found.
IntcAzAudAddService => Service not found.
RAMDiskVE => Service not found.
SmartDefragDriver => Service not found.
Synth3dVsc => Service not found.
tsusbhub => Service not found.
VGPU => Service not found.
C:\Windows\Installer\{2e64719d-fe3f-0854-9c54-2db898714a73} => File/Directory not found.
C:\Windows\assembly\GAC_32\Desktop.ini => File/Directory not found.
C:\Windows\assembly\GAC_64\Desktop.ini => File/Directory not found.
C:\ProgramData\ezsidmv.dat => File/Directory not found.
C:\Windows\System32\services.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
 
==== End of Fixlog ====


#11 JSntgRvr


Posted 19 May 2013 - 02:05 PM

Re-scan with FRST and post its report (FRST.txt).



#12 DonnieDarko831


Posted 19 May 2013 - 03:19 PM

Hi. OK, done that as listed below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2013
Ran by SYSTEM on 19-05-2013 20:20:43
Running from K:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware] H:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [x]
HKLM-x32\...\Runonce: [Z1] cmd /c "H:\Documents\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s [x]
HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-04-12] (Razer USA Ltd)
HKLM-x32\...\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295512 2013-04-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [526336 2011-01-28] (Spigot, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] "H:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [86960 2006-03-20] (Macrovision Corporation)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [avast] "H:\Program Files (x86)\AVAST Software\Avast\avastUI.exe" /nogui [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\Home Network Server\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Home Network Server\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-09-04] (NVIDIA)
HKU\Home Network Server\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Home Network Server\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [x]
HKU\Home Network Server\...\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\Home Network Server\...\Run: [Google Update] "C:\Users\Home Network Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-23] (Google Inc.)
HKU\Home Network Server\...\Run: [DAEMON Tools Pro Agent] "H:\Program Files (x86)\Games\DAEMON Tools Pro\DTAgent.exe" -autorun [x]
HKU\Home Network Server\...\Run: [Akamai NetSession Interface] C:\Users\Home Network Server\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-16] (Akamai Technologies, Inc)
HKU\Home Network Server\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [1647448 2011-11-12] (IObit)
HKU\Mcx2-HOMENETWORKPC\...\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [x]
HKU\Mcx2-HOMENETWORKPC\...\Run: [Google Update] "C:\Users\Home Network Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-23] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Home Network Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> H:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
 
==================== Services (Whitelisted) =================
 
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2012-02-12] (Adobe Systems)
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-05] ()
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()
 
==================== Drivers (Whitelisted) ====================
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software)
S3 etdrv; C:\Windows\etdrv.sys [25640 2011-11-20] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2011-11-20] (Windows ® Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-11-20] ()
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
S3 Ph6xIB64; C:\Windows\System32\DRIVERS\Ph6xIB64.sys [1512832 2009-06-10] (NXP Semiconductors GmbH)
S3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-03-03] (Duplex Secure Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-29] (C-Media Electronics Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-17 22:57 - 2013-05-17 22:57 - 00000000 ____D C:\FRST
2013-05-13 16:05 - 2013-05-13 16:05 - 00002243 ____A C:\Windows\epplauncher.mif
2013-05-13 15:59 - 2013-05-15 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-13 14:48 - 2013-05-13 15:24 - 06006499 ____A C:\Users\Home Network Server\Desktop\2013_AWHP SYSTEM_Technical Masters_Envirosorb 3.pptx
2013-05-13 14:42 - 2013-05-13 14:42 - 53624832 ____A C:\Users\Home Network Server\Desktop\Training_aroTHERM_VWL x5_2_UK 190413.ppt
2013-05-13 13:03 - 2013-05-13 13:03 - 00000940 ____A C:\Users\Home Network Server\Desktop\Should I Remove It.lnk
2013-05-13 13:03 - 2013-05-13 13:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-10 15:06 - 2013-05-10 15:15 - 4290903984 ___AC C:\RAMDisk.img
2013-05-10 15:06 - 2013-05-10 15:12 - 4290903984 ___AC C:\RAMDisk.img.bak
2013-05-10 14:53 - 2013-05-10 14:55 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Dataram_Corporation
2013-05-05 17:40 - 2013-05-05 17:40 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-04-23 21:36 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders =======
 
2013-05-19 11:09 - 2011-07-17 14:15 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-19 11:08 - 2011-04-08 18:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-19 11:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-19 10:39 - 2012-08-02 13:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-19 10:23 - 2011-07-23 15:29 - 00000964 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555052361-1710578400-1272498390-1000UA.job
2013-05-19 08:37 - 2009-07-13 20:45 - 00020768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-19 08:37 - 2009-07-13 20:45 - 00020768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 22:57 - 2013-05-17 22:57 - 00000000 ____D C:\FRST
2013-05-17 13:25 - 2012-08-07 13:14 - 00011119 ____A C:\Windows\setupact.log
2013-05-15 12:00 - 2012-08-07 13:36 - 00080538 ____A C:\Windows\PFRO.log
2013-05-15 11:33 - 2013-05-13 15:59 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-15 11:33 - 2012-06-22 01:36 - 00000000 ____D C:\ProgramData\FLEXnet
2013-05-15 11:33 - 2011-04-07 13:51 - 00000000 ____D C:\users\Home Network Server
2013-05-15 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2013-05-15 11:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-15 11:30 - 2011-04-07 20:50 - 01264826 ____A C:\Windows\WindowsUpdate.log
2013-05-15 11:28 - 2009-07-13 21:13 - 00792716 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-13 16:49 - 2011-05-21 11:49 - 00000000 ____D C:\Windows\pss
2013-05-13 16:07 - 2012-02-26 03:26 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\Dropbox
2013-05-13 16:05 - 2013-05-13 16:05 - 00002243 ____A C:\Windows\epplauncher.mif
2013-05-13 15:27 - 2011-04-12 12:48 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Deployment
2013-05-13 15:24 - 2013-05-13 14:48 - 06006499 ____A C:\Users\Home Network Server\Desktop\2013_AWHP SYSTEM_Technical Masters_Envirosorb 3.pptx
2013-05-13 15:23 - 2011-07-23 15:29 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555052361-1710578400-1272498390-1000Core.job
2013-05-13 14:42 - 2013-05-13 14:42 - 53624832 ____A C:\Users\Home Network Server\Desktop\Training_aroTHERM_VWL x5_2_UK 190413.ppt
2013-05-13 13:03 - 2013-05-13 13:03 - 00000940 ____A C:\Users\Home Network Server\Desktop\Should I Remove It.lnk
2013-05-13 13:03 - 2013-05-13 13:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-05-13 11:09 - 2011-07-17 14:15 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-13 09:44 - 2011-11-20 16:44 - 00000308 ____A C:\Windows\Tasks\RtlDashSrvStart.job
2013-05-11 13:37 - 2011-04-15 16:40 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\CrashDumps
2013-05-10 15:15 - 2013-05-10 15:06 - 4290903984 ___AC C:\RAMDisk.img
2013-05-10 15:12 - 2013-05-10 15:06 - 4290903984 ___AC C:\RAMDisk.img.bak
2013-05-10 14:55 - 2013-05-10 14:53 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Dataram_Corporation
2013-05-05 17:44 - 2011-04-15 14:10 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\uTorrent
2013-05-05 17:40 - 2013-05-05 17:40 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-05 17:38 - 2011-10-23 14:21 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\vlc
2013-05-05 17:28 - 2013-02-11 15:22 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\ArmA 2 OA
2013-05-01 17:06 - 2011-04-07 14:18 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 10:20 - 2012-10-14 15:13 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\SwvUpdater
2013-04-28 15:08 - 2013-02-21 15:13 - 00000000 ____D C:\Users\Home Network Server\AppData\Roaming\six-updater
2013-04-28 15:02 - 2013-02-11 15:05 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Play withSIX
2013-04-28 15:02 - 2012-10-25 16:15 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Downloaded Installations
2013-04-28 14:15 - 2012-02-12 14:46 - 00000000 ____D C:\Users\Home Network Server\AppData\Local\Microsoft Help
2013-04-20 16:01 - 2013-02-11 14:09 - 00000000 ____D C:\Users\Home Network Server\Desktop\Training docs
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-01 18:00:13
Restore point made on: 2013-05-02 18:00:13
Restore point made on: 2013-05-03 18:00:13
Restore point made on: 2013-05-04 18:00:13
Restore point made on: 2013-05-10 14:53:00
Restore point made on: 2013-05-10 14:57:14
Restore point made on: 2013-05-13 13:02:54
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8175.36 MB
Available physical RAM: 7294.44 MB
Total Pagefile: 8173.56 MB
Available Pagefile: 7299.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:18.81 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (Storage system) (Fixed) (Total:931.51 GB) (Free:171.06 GB) NTFS (Disk=3 Partition=1)
Drive f: (Primary System) (Fixed) (Total:150.89 GB) (Free:88.89 GB) NTFS (Disk=1 Partition=2)
Drive g: (Documents) (Fixed) (Total:147.1 GB) (Free:139.02 GB) NTFS (Disk=1 Partition=3)
Drive h: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Recorded TV) (Fixed) (Total:279.46 GB) (Free:238.21 GB) NTFS
Drive j: (Win7_sp1_32-64_EN-faXcooL) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
Drive k: (FLASH DRIVE) (Removable) (Total:3.72 GB) (Free:0.5 GB) FAT32 (Disk=4 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: DEABCF33)
Partition 1: (Not Active) - (Size=279 GB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2B832B82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 15B21369)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=119 GB) - (Type=42)
Partition 4: (Not Active) - (Size=344 KB) - (Type=42)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0A3160EA)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
 
 
Last Boot: 2013-05-03 17:15
 
==================== End Of Log ============================


#13 DonnieDarko831

DonnieDarko831
  • Topic Starter

  • Members

Posted 19 May 2013 - 03:25 PM

Services txt too while I'm at it..

Farbar Recovery Scan Tool (x64) Version: 17-05-2013
Ran by SYSTEM at 2013-05-19 21:13:16
Running from K:\
Boot Mode: Recovery
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\FRST\Quarantine\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 19 May 2013 - 03:47 PM

You seem to have moved the hard drives. You shouldn't do anything until we are finished. Leave things the way they are, as any action on your part will shuffle our efforts.

Download the enclosed file.

Save it next to FRST in the USB drive.

Run FRST as you did before, except that this time around click on the fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Edited by JSntgRvr, 19 May 2013 - 03:47 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 DonnieDarko831

DonnieDarko831
  • Topic Starter

  • Members

Posted 19 May 2013 - 04:09 PM

Ok done that, here's the file..
Just to note, I hadn't moved any hard drives and am following your instructions through.. What I did notice was that after the initial bootup problems and trying to restore before coming to you for help, my PC had started to ask which OS to run... 'Windows 7 ultimate' or 'Windows 7 ultimate (recovered)'. At some point around clicking the fix and trying to reboot normally again, it no longer asks me to select.. It's just Windows 7 ultimate.
 
Log file as below.
Thanks
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2013
Ran by SYSTEM at 2013-05-19 21:54:30 Run:3
Running from K:\
Boot Mode: Recovery
==============================================
 
 
=========  bcdedit /enum all /v  =========
 
 
Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device                  partition=H:
description             Windows Boot Manager
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default                 {2a2e1e06-61e6-11e0-92b0-cdead8a8b388}
resumeobject            {2a2e1e05-61e6-11e0-92b0-cdead8a8b388}
displayorder            {2a2e1e06-61e6-11e0-92b0-cdead8a8b388}
toolsdisplayorder       {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {2a2e1e06-61e6-11e0-92b0-cdead8a8b388}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2a2e1e05-61e6-11e0-92b0-cdead8a8b388}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {2a2e1e05-61e6-11e0-92b0-cdead8a8b388}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {b2721d73-1db4-4c62-bf78-c548a880142d}
device                  partition=H:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {4636856e-540f-4170-a130-a84776f4c654}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {5189b25c-5558-4bf2-bca4-289b11bd29e2}
 
Global Settings
---------------
identifier              {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit                 {4636856e-540f-4170-a130-a84776f4c654}
                        {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
                        {5189b25c-5558-4bf2-bca4-289b11bd29e2}
 
Boot Loader Settings
--------------------
identifier              {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
                        {7ff607e0-4395-11db-b0de-0800200c9a66}
 
Hypervisor Settings
-------------------
identifier              {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
 
========= End of CMD: =========
 
 
==== End of Fixlog ====




